RE: FYI: ISA on SBS

• From: "John Tolmachoff \(Lists\)" <johnlist@xxxxxxxxxxxxxxxxxxx>
• To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
• Date: Mon, 14 Jul 2003 08:38:37 -0700

I?ll throw my .02 in here. (Since the doctor spoke so highly of SonicWall.)

 

For what Amy is describing, a small business not running their own Exchange
and only using SQL for small internal processes, SBS with ISA is great.

 

I think where the need to remove ISA from SBS comes in if you are going to
use SQL heavily or Exchange heavily. In that case, if you were not going to
use OWA, then a SonicWall serving as the firewall would be fine.

 

However, I would make one more recommendation: If you are going to use OWA
and want those features of Exchange, use SBS with ISA and a SonicWall as the
first line. SonicWall can be configured in what is called Standard mode,
which does not do NAT, instead emulating the default gateway. In this way,
the SonicWall can stop the majority and ISA can then be left to handle all
the RPC stuff.

 

I would be more than happy to expand on this idea.

 

John Tolmachoff MCSE CSSA

Engineer/Consultant

eServices For You

www.eservicesforyou.com

 

-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx] 
Sent: Sunday, July 13, 2003 7:55 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: FYI: ISA on SBS

 

http://www.ISAserver.org

Hi Amy,

 

Good thoughts here, Amy!

 

I'm thinking of the SBS group that got SBS because its a good deal, not the
group who's barely holding on and can't spend a nickle for better
functionality or protection. There are a lot of small businesses running SBS
that aren't on the edge of bankruptcy and have travelling representatives
and home workers. These businesses save money by hosting their own mail
services, Web sites, etc. These are the classic entreprenurial types who
like to have control and do things themselves when they can (with a little
help for a consultant). They'll pay three grand for an ISA Server appliance
or a second server that allows a second server with Win2003 and ISA 2000.
It's a write off and the cost amoritized over three years is nominal.

 

The SonicWall box isn't a good solution for these folks, because they got
SBS for mainly for the Exchange 2000 services. The SonicWall doesn't do
secure Exchange RPC Publishing, doesn't provide SSL bridging, requires a
kludgy proprietary non-RFC IPSec NAT-T client, doesn't protect Web sites at
the edge, and doesn't have any pre-authentication modules. 

 

If any business needs to pony up the slightly extra cost for security, its
the small biz. They don't have the slack to handle intrusions and data
destruction and theft. So to put sonicwall or "joe blow's cool firebox neé
NAT router" on the edge of their networks isn't the best thing.

 

Of course, I've run into those same kind of businesses that you're talking
about. They're risk takers, cheapskates, or on the edge going out of
business. For those, I'd get them a 50-150 buck SOHO NAT thing, tell them
the risks, and cross my fingers that they're small enough that security
through obscurity will save them :-) No reason to spend several hundred
bucks on a sonicwall. 

 

Then there are those businsses that have no need to remote access. I don't
see many of those anymore, since most people want to access Exchange from
home. In that case, ISA Server is the firewall of choice for them, whether
they access it using OWA or the "big Outlook" clinent (2000/2003)

 

Tom

 

 

Thomas W Shinder

 <http://www.isaserver.org/shinder> www.isaserver.org/shinder 

ISA Server and Beyond: http://tinyurl.com/1jq1

Configuring ISA Server:  <http://tinyurl.com/1llp> http://tinyurl.com/1llp

 

-----Original Message-----
From: Amy Babinchak [mailto:Amy@xxxxxxxxxxxxxxxxxxxxxxxxxx] 
Sent: Sunday, July 13, 2003 9:30 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: FYI: ISA on SBS

http://www.ISAserver.org

Tom,

 

The SBS market is for the most part very cost conservative and reluctant to
purchase a second server or appliance to do anything. That?s not to say that
I don?t have clients that use SBS in conjunction with Citrix, NAS, or other
specialty servers, I do, but the majority of my SBS clients are businesses
that had to be convinced to get a server in the first place, so selling them
on the idea of a second server would be very nearly impossible. The question
really isn?t whether or not ISA could be better on a separate box but
whether as integrated is it good enough for what the majority of SBS users
need it to be? For my clients I think so. They don?t host websites or SMTP
email; they don?t use VPN or FTP. Pretty much for them the SBS server is
there to provide more robust internal email, a central backup and connect
everyone to a common high-ish speed internet. Most also use the fax server
feature. For these clients I just can?t see myself convincing them that they
need to purchase SBS without ISA and also purchase ISA separately or as an
ISA appliance (when such a thing exists). It would be a lot of money for a
level of protection that they would not be taking advantage of. I?ll instead
be looking at comparing the price of SBS without ISA + a firewall appliance,
such as Sonicwall vs. SBS with ISA built-in. The other factor will be
management hassle for me and the additional cost to the client to have me
manage a separate ISA or Firewall appliance vs ISA integrated within SBS.
This is a cost-benefit over reality equation.

 

Amy Babinchak

Technology Consultant

Harbor Computer Services

 

 

-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx] 
Sent: Sunday, July 13, 2003 9:52 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] FYI: ISA on SBS

 

http://www.ISAserver.org



Interesting article on ISA on SBS:

http://www.w2knews.com/index.cfm?id=434

HTH,

Tom

Thomas W Shinder

www.isaserver.org/shinder 

ISA Server and Beyond: http://tinyurl.com/1jq1

Configuring ISA Server: http://tinyurl.com/1llp

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
johnlist@xxxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub') 

Other related posts:

• » FYI: ISA on SBS
• » RE: FYI: ISA on SBS
• » RE: FYI: ISA on SBS
• » RE: FYI: ISA on SBS
• » RE: FYI: ISA on SBS
• » RE: FYI: ISA on SBS
• » RE: FYI: ISA on SBS
• » RE: FYI: ISA on SBS
• » RE: FYI: ISA on SBS
• » RE: FYI: ISA on SBS
• » RE: FYI: ISA on SBS
• » RE: FYI: ISA on SBS
• » RE: FYI: ISA on SBS
• » RE: FYI: ISA on SBS
• » RE: FYI: ISA on SBS

1. Home
2. isalist
3. Archive
4. 07-2003

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---