[windows2000] Re: Virtual ISA Server

  • From: Chris Buechler <win2000@xxxxxxxxxxxxxxxxx>
  • To: windows2000@xxxxxxxxxxxxx
  • Date: Fri, 30 Nov 2007 00:39:46 -0500

Ray Costanzo wrote:

Hi list,

Although I don’t think that I want to do this, when the thought came through my head, I wasn’t able to determine the answer to this question. Would it be technically possible to have a virtual ISA server that is in a DMZ that is protecting the host operating system that is behind the DMZ?

Possible, yes. Probably not a good idea though.

I'll explain how with VMware Workstation or Server as I'm most familiar with them. I presume a hosted product like ESX is out of the question since you mentioned protecting the host, it's probably a better idea to run the protected machine as a VM as well though.

With VMware Server, you can bind only the VMware bridge protocol to your outside NIC, bind the ISA VM's outside interface to a VMnet bridged to that interface, and bind the ISA VM's inside interface to the VMnet on the interface your host uses.

A bad idea because a misconfiguration could leave your host OS wide open and outside of your ISA machine. It would be acceptable to do this in some environments with ESX, that depends on the specific situation and your level of risk tolerance. It's much safer with ESX.
New Site from The Kenzig Group!
Windows Vista Links, list options and info are available at:
***************************** To Unsubscribe, set digest or vacation
mode or view archives use the below link.


Other related posts: