Well... I suppose it comes down to the scenario and requirements of the company. A case might be able to be made using Server 2008 Core with Hyper-V (which should be very well hardened) for a highly available web solution encapusated in a Server 2008 Core Failver Cluster. As a hosting provider, I can see the potential for a service offering that includes a full "pod" of virtual servers. As a hosting customer, having direct control over firewall policies may have appeal. I think the same argument could be made for ESX Server, too, since it is a hypervisor and so has a very small attack surface (if any?). I'm taking a stab in the dark answering your question (and may be reaching) but this is what I thought of. ;) On 8/26/08, John Wilson <John@xxxxxxxxxxxxxxxxxxxxxxxx> wrote: > > A little off topic here, but to me the question isn't necessarily whether > or not the ISA Server is supported in a virtual environment, but whether you > would really **want** to do that. If a virtual host platform (be it > Microsoft Hyper-V, ESX, or Virtual Server 2005) has an ISA virtual machine, > then you have a NIC connected either directly or indirectly to what ISA > considers the outside world (either directly to the ISP, or to the Cisco > router connected to the ISP, or what have you). Even with VLANS that concept > would make me extremely nervous. > > > > The only way I would validate an ISA virtual machine would be if the ISA > server was only acting in Web proxy mode behind other firewalls for general > security, or if the ISA virtual box was the second box in a chained or > back-to-back config. It's just that in a virtual environment, you'd have to > worry about hardening the host and Guest OS. > > > > However, you guys may be more experienced than I and have a different > perspective. Correct me if I'm wrong. > > > > Sincerely, > > > > John C. Wilson > > > ------------------------------ > > *From:* isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] > *On Behalf Of *Jerry Young > *Sent:* Tuesday, August 26, 2008 12:20 PM > *To:* isalist@xxxxxxxxxxxxx > *Subject:* [isalist] Re: Virtualising ISA > > > > Doncha just love arguing semantics? :) > > > > My problem with linking the SVVP page (or even 944987) to this KB Article: > The KB Article topic is *supported** *virtualization environments. I see > it as guilt by association. > > > > I just don't think it is 1) realistic or 2) pratical to assume that the > majority of readers who are looking for a statement of support are going to > dig to the level required to understand that a non-Microsoft virtualization > environment is not supported for any of the applications listed. > > > > A simple statement as an additional note at the end of the introduction > section that states something like, "At this time, the applications listed > in this KB Article are only supported on Hyper-V; non-Microsoft > virtualization environments are not supported. As this changes, updates > will be reflected." would really make this discussion go away. ;) > > > It's like being told to read the fine print: we all know we have to but are > irritated that it can't just simply be put forth up front because of the > frustration it causes. > > > > You're right, though. The reader should take enough of an interest to > fully understand what's written. That's simple due diligence. I'm just > saying make it easier to do so. :) > > > On 8/26/08, *Jim Harrison* <Jim@xxxxxxxxxxxx> wrote: > > http://www.ISAserver.org <http://www.isaserver.org/> > ------------------------------------------------------- > > While it's true that the burden of communication rests primarily with the > speaker, some of the responsibility rests with the listener (reader) to > actually absorb the content. If you're only looking for keywords and > -phrases, you'll find what you seek. > > In fact, this is stated on the SVVP page; which coincidentally, is the > reference point for the SVVP program. This is why only Hyper-V is listed in > this KB. The last thing we need is multiple places to clean up when (not > if) the support statement changes for the various 3rd-party virtualization > offerings. > SVVP is the primary place to go and this is why it's "linked to" from that > KB. > > > -----Original Message----- > From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] > On Behalf Of Jerry Young > Sent: Tuesday, August 26, 2008 7:35 AM > To: isalist@xxxxxxxxxxxxx > Subject: [isalist] Re: Virtualising ISA > > Jim, > > "Right now, there are *_NO_* validated non-MS platforms." > > This is what needs to be clearly stated. Again, depending on how you read > it, a user may not get this. My point is really simply that; when > specifically put forth in the same way you just put it, there's no room for > argument. My guess is a lot of users out there will read into this the same > way I did (optimistically), or worse yet, move forward thinking that support > will come, only to run into an issue with said support when a problem occurs > that requires it. At the end of the day, fair or not, Microsoft gets the > black eye. By making it clear (without having to dig through links and > guess at implied statements) upfront, I think greater value and service to > the customers is provided. > > > On 8/26/08, Jim Harrison <Jim@xxxxxxxxxxxx> wrote: > > http://www.ISAserver.org <http://www.isaserver.org/> > ------------------------------------------------------- > > It's only misleading if you read into it. Let's take each bullet in > turn: > > * Windows Server 2008 with Hyper-V > * Microsoft Hyper-V Server 2008 > [Jim] - ok; we'll take two at a time. Hyper-V Server and Windows > 2008 with Hyper-V are the same thing from the guest OS perspective and ISA > is supported there. > > * Supported partners' virtualization software > For more information, click the following article number to > view the article in the Microsoft Knowledge Base: > 944987 (http://support.microsoft.com/kb/944987/) Support > partners for non-Microsoft hardware virtualization software > [Jim] This article doesn't list supported virtualization > products. It lists virtualization support partners. Novel has signed on to > help provide support for non-MS virtualization; nothing more. The bullet > title in this article is misleading, but the article linked to is not. > > * Server Virtualization Validation Program (SVVP) > For more information, visit the following Microsoft Web site: > http://www.windowsservercatalog.com/svvp/ ( > http://www.windowsservercatalog.com/svvp/) > [Jim] - go read this link. Right now, there are *_NO_* validated > non-MS platforms. Therefore, there are no supported 3rd-party hardware > virtualization products (yet). Therefore, no Microsoft products are > supported on 3rd-party virtualization. The vendors listed on that site are > "participating"; their products *_have not_* completed testing. > > Jim > > -----Original Message----- > From: isalist-bounce@xxxxxxxxxxxxx [mailto: > isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Jerry Young > Sent: Tuesday, August 26, 2008 7:02 AM > To: isalist@xxxxxxxxxxxxx > Subject: [isalist] Re: Virtualising ISA > > Jim, > > Then the KB Article 957006 is extremely misleading. :( > > Here's an excerpt (in full) taken from the Introduction section. > > This article discusses the support policy for running Microsoft > server software in the following supported virtualization environments: > > > * Windows Server 2008 with Hyper-V > * Microsoft Hyper-V Server 2008 > * Supported partners' virtualization software > For more information, click the following article number to > view the article in the Microsoft Knowledge Base: > 944987 (http://support.microsoft.com/kb/944987/) Support > partners for non-Microsoft hardware virtualization software > * Server Virtualization Validation Program (SVVP) > For more information, visit the following Microsoft Web site: > http://www.windowsservercatalog.com/svvp/ ( > http://www.windowsservercatalog.com/svvp/) > > In my interpreted version of this statement into layman terms, I > read it as saying all of the bulleted environments are supported; > specifically, any environment that is part of the Server Virtualization > Validation Program. > > If you visit that page, VMWare, Inc. is listed as a participating > vendor. If you then visit the Support link from that page, the first > sentence states, "Technical support will be available for customers running > a Windows Server operating system on a validated third-party > hypervisor." Since ESX Server is a hypervisor and participation implies (at > this time, based on language) validation, the support statement does appear > to be transitive. > > I could not find anything specifically stating that the applications > identified in the KB Article are only currently being supported in Hyper-V > virtualized environments. > > If Microsoft is going to withhold support of the applications > identified in the KB Article on other vendor's virtualization environments, > then some kind of language should be used indicating that such support is > pending [insert qualifier]. > > Just my $0.02 worth. > > On 8/26/08, Jim Harrison <Jim@xxxxxxxxxxxx> wrote: > > http://www.ISAserver.org <http://www.isaserver.org/> > ------------------------------------------------------- > > That KB lists the products that are supported on Hypervisor. > Greg's questions was specific to VMWare ESX. > > This will be a very sticky question and > http://support.microsoft.com/kb/897615/ provides the support limits. > > -----Original Message----- > From: isalist-bounce@xxxxxxxxxxxxx [mailto: > isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Jerry Young > Sent: Tuesday, August 26, 2008 3:46 AM > To: isalist@xxxxxxxxxxxxx > Subject: [isalist] Re: Virtualising ISA > > Greg, > > ISA Server is supported. > > See the following KB Article for the full details on all > supported virtualized applications from Microsoft. > > http://support.microsoft.com/kb/957006 > > On 8/26/08, Greg Mulholland <greg@xxxxxxxxxxxxxx> wrote: > > http://www.ISAserver.org <http://www.isaserver.org/> > > ------------------------------------------------------- > > Jim and/or others > > Is there an official standpoint from MS as to > supported requirements for ISA virtualised in production environments? > (specifically ESX) > > Cheers > > Greg > ------------------------------------------------------ > List Archives: > //www.freelists.org/archives/isalist/ > ISA Server Newsletter: > http://www.isaserver.org/pages/newsletter.asp > ISA Server Articles and Tutorials: > http://www.isaserver.org/articles_tutorials/ > ISA Server Blogs: http://blogs.isaserver.org/ > ------------------------------------------------------ > Visit TechGenix.com for more information about our > other sites: > http://www.techgenix.com > ------------------------------------------------------ > To unsubscribe visit > http://www.isaserver.org/pages/isalist.asp > Report abuse to listadmin@xxxxxxxxxxxxx > > > > > > > -- > Cordially yours, > Jerry G. Young II > Microsoft Certified Systems Engineer > ------------------------------------------------------ > List Archives: //www.freelists.org/archives/isalist/ > ISA Server Newsletter: > http://www.isaserver.org/pages/newsletter.asp > ISA Server Articles and Tutorials: > http://www.isaserver.org/articles_tutorials/ > ISA Server Blogs: http://blogs.isaserver.org/ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other > sites: > http://www.techgenix.com > ------------------------------------------------------ > To unsubscribe visit > http://www.isaserver.org/pages/isalist.asp > Report abuse to listadmin@xxxxxxxxxxxxx > > > > > -- > Cordially yours, > Jerry G. Young II > Microsoft Certified Systems Engineer > ------------------------------------------------------ > List Archives: //www.freelists.org/archives/isalist/ > ISA Server Newsletter: > http://www.isaserver.org/pages/newsletter.asp > ISA Server Articles and Tutorials: > http://www.isaserver.org/articles_tutorials/ > ISA Server Blogs: http://blogs.isaserver.org/ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > Report abuse to listadmin@xxxxxxxxxxxxx > > > > > > > -- > Cordially yours, > Jerry G. Young II > Microsoft Certified Systems Engineer > ------------------------------------------------------ > List Archives: //www.freelists.org/archives/isalist/ > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server Articles and Tutorials: > http://www.isaserver.org/articles_tutorials/ > ISA Server Blogs: http://blogs.isaserver.org/ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > Report abuse to listadmin@xxxxxxxxxxxxx > > > > > -- > Cordially yours, > Jerry G. Young II > Microsoft Certified Systems Engineer > > No virus found in this incoming message. > Checked by AVG - http://www.avg.com > Version: 8.0.138 / Virus Database: 270.6.7/1631 - Release Date: 8/24/2008 > 12:15 PM > -- Cordially yours, Jerry G. Young II Microsoft Certified Systems Engineer