ISA Server Enterprise Array

For the toppology that im including in this question i need to include the following.

Design an ISA Server Enterprise array for Green Globe
Update your network topology maps and show the locations of ISA Server systems and the Configuration Storage server
Be sure to include details about connectivity between array members and the Configuration Storage server
Construct a naming and addressing scheme for the ISA Server array.

I have no idea how to do this or what an ISA server is supposed to do. If some one could help me understand what i am supposed to do here it would be greatly appreciated.
Below is my topology which could also use some revision.
Visio-New-CSI-Topology-Updated.pdf
kajumbliesAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Keith AlabasterEnterprise ArchitectCommented:
Not going to do your homework or assignment for you - that is outside the scope of our work here and not allowed. If you do not know what an ISA Server is I can give you an overview but it assumes you are aware of other fundamental concepts.

In short, ISA is a product from MS that is no longer is mainstream support having been replaced now by Forefront TMG 2010. It's purpose is to provide proxy services, firewall services and application gateway services all of which combine to protect the internal networks and users from potential (and real) threats from untrusted sources such as the Internet.

ISA comes in two flavours whicg are standard and enterprise. The enterprise version of ISA allows the use of NLB or network load balancing to put more than one ISA node into an array for resilience and failover purposes.

The CSS or configuration storage server holds the ISA configuration used on all nodes and is responsible for ensuring that all nodes have an up to date copy.

With ISA 2006 sp2, the need for having separate nics to handle inter-array traffic between the two ISA nodes was removed.
0
kajumbliesAuthor Commented:
So where would an ISA serve be put in relation to other devices on the network. Would it sit in the DMZ or before or after it?
0
Keith AlabasterEnterprise ArchitectCommented:
If you want full ISA functionality then each node in the array needs to have two nics as a minimum - one external, one internal.
You can deploy ISA as a front end (sits external nics straight onto the internet and internal nics sit on the DMZ/internal network) or as back end (where internal nics sit on the internal network and external nics sit on the DMZ and connect to the internal nics of a different external firewall). The CSS would be internal on the internal network.

If you only need to use ISA for proxy services then you only have one nic in each.

As mentioned, in ISA2006, sp2 the need for inter-array nics was removed. You could still use them if you wanted to but they were no longer an absolute requirement.

ISA 2006 Enterprise includes NLB within the product - don't forget that.

Looking at your diagram - I agree, it needs some work (no offence) - if you were not replacing the Cisco firewalls either at the DMZ entry or exit points then you would only install ISA as proxy only. If you WERE going to be replacing one or other I would replace the Cisco firewall that joins the internal network to the DMZ with the two nodes of the ISA array, load balancing both the internal nics and the external nics, both joined to the domain (isa-node-A, isa-node-b) and use the back end configuration via the configuration wizard that ships with ISA.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Managing Security & Risk at the Speed of Business

Gartner Research VP, Neil McDonald & AlgoSec CTO, Prof. Avishai Wool, discuss the business-driven approach to automated security policy management, its benefits and how to align security policy management with business processes to address today's security challenges.

Keith AlabasterEnterprise ArchitectCommented:
lol - no problem, shame you don't want to give me the points for answering the question but I guess you have your reasons :(
0
kajumbliesAuthor Commented:
sorry i though i selected your comment as an answer...
0
Keith AlabasterEnterprise ArchitectCommented:
<smiles> thanks, I am now only one question away from breaking the 5 million point barrier here...

Cheers
Keith

http://www.experts-exchange.com/M_3586205.html
0
kajumbliesAuthor Commented:
well im sure ill be asking another question sometime tonight for another 500 point so keep a look out
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Software Firewalls

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.