Solved

ISA Server Enterprise Array

Posted on 2012-04-09
7
687 Views
Last Modified: 2012-04-10
For the toppology that im including in this question i need to include the following.

Design an ISA Server Enterprise array for Green Globe
Update your network topology maps and show the locations of ISA Server systems and the Configuration Storage server
Be sure to include details about connectivity between array members and the Configuration Storage server
Construct a naming and addressing scheme for the ISA Server array.

I have no idea how to do this or what an ISA server is supposed to do. If some one could help me understand what i am supposed to do here it would be greatly appreciated.
Below is my topology which could also use some revision.
Visio-New-CSI-Topology-Updated.pdf
0
Comment
Question by:kajumblies
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
7 Comments
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 37826367
Not going to do your homework or assignment for you - that is outside the scope of our work here and not allowed. If you do not know what an ISA Server is I can give you an overview but it assumes you are aware of other fundamental concepts.

In short, ISA is a product from MS that is no longer is mainstream support having been replaced now by Forefront TMG 2010. It's purpose is to provide proxy services, firewall services and application gateway services all of which combine to protect the internal networks and users from potential (and real) threats from untrusted sources such as the Internet.

ISA comes in two flavours whicg are standard and enterprise. The enterprise version of ISA allows the use of NLB or network load balancing to put more than one ISA node into an array for resilience and failover purposes.

The CSS or configuration storage server holds the ISA configuration used on all nodes and is responsible for ensuring that all nodes have an up to date copy.

With ISA 2006 sp2, the need for having separate nics to handle inter-array traffic between the two ISA nodes was removed.
0
 

Author Comment

by:kajumblies
ID: 37830311
So where would an ISA serve be put in relation to other devices on the network. Would it sit in the DMZ or before or after it?
0
 
LVL 51

Accepted Solution

by:
Keith Alabaster earned 500 total points
ID: 37830411
If you want full ISA functionality then each node in the array needs to have two nics as a minimum - one external, one internal.
You can deploy ISA as a front end (sits external nics straight onto the internet and internal nics sit on the DMZ/internal network) or as back end (where internal nics sit on the internal network and external nics sit on the DMZ and connect to the internal nics of a different external firewall). The CSS would be internal on the internal network.

If you only need to use ISA for proxy services then you only have one nic in each.

As mentioned, in ISA2006, sp2 the need for inter-array nics was removed. You could still use them if you wanted to but they were no longer an absolute requirement.

ISA 2006 Enterprise includes NLB within the product - don't forget that.

Looking at your diagram - I agree, it needs some work (no offence) - if you were not replacing the Cisco firewalls either at the DMZ entry or exit points then you would only install ISA as proxy only. If you WERE going to be replacing one or other I would replace the Cisco firewall that joins the internal network to the DMZ with the two nodes of the ISA array, load balancing both the internal nics and the external nics, both joined to the domain (isa-node-A, isa-node-b) and use the back end configuration via the configuration wizard that ships with ISA.
0
Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 37830438
lol - no problem, shame you don't want to give me the points for answering the question but I guess you have your reasons :(
0
 

Author Closing Comment

by:kajumblies
ID: 37830489
sorry i though i selected your comment as an answer...
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 37830496
<smiles> thanks, I am now only one question away from breaking the 5 million point barrier here...

Cheers
Keith

http://www.experts-exchange.com/M_3586205.html
0
 

Author Comment

by:kajumblies
ID: 37830504
well im sure ill be asking another question sometime tonight for another 500 point so keep a look out
0

Featured Post

2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

AWS has developed and created its highly available global infrastructure allowing users to deploy and manage their estates all across the world through the use of the following geographical components   RegionsAvailability ZonesEdge Locations  Wh…
Data center, now-a-days, is referred as the home of all the advanced technologies. In-fact, most of the businesses are now establishing their entire organizational structure around the IT capabilities.
Viewers will learn how to properly install and use Secure Shell (SSH) to work on projects or homework remotely. Download Secure Shell: Follow basic installation instructions: Open Secure Shell and use "Quick Connect" to enter credentials includi…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Suggested Courses

617 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question