- ISA does not need to be on the same machine as the DC to be a domain member. - ISA 2004 does not need to be a domain member for web traffic control; what non-HTTP/FTP traffic do you intend to allow? There are some serious issues you're missing out on here; for instance: 1 - Lose the host OS ands all other servers die a horrible death as well, including ISA 2 - The host is not protected by ISA; what are you doing to keep the bad guys out? There are practical limits to virtualization; the least of which is $$. Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/Jim_Harrison/ http://isatools.org Read the help / books / articles! -----Original Message----- From: Roy Tsao [mailto:roy_tsao@xxxxxxxxxxxx] Sent: Sunday, January 09, 2005 9:42 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: An Alternative Solution VS SBS on one Physical Server http://www.ISAserver.org Amy, Your suggestion "put ISA on one box, Windows 2003 with VMware and the guest servers on this box" can't fit the requirement to put ISA box join the DC, ISA box needs to be a domain memember for traffic control! Roy ----- Original Message ----- From: "Amy Babinchak" <amy@xxxxxxxxxxxxxxxxxxxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Monday, January 10, 2005 1:25 PM Subject: [isalist] RE: An Alternative Solution VS SBS on one Physical Server http://www.ISAserver.org The VMware license cost is one additional cost, but the cost of the additional server licenses vs. SBS is still quite significant. If the main concern is to minimize physical servers and maximize security then put ISA on one box, Windows 2003 with VMware and the guest servers on this box. Amy -----Original Message----- From: Roy Tsao [mailto:roy_tsao@xxxxxxxxxxxx] Sent: Sunday, January 09, 2005 10:59 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: An Alternative Solution VS SBS on one Physical Server http://www.ISAserver.org What I am trying to do is to minimized cost of taking addtional units of physical servers while both security and function shall not be compromised. For SBS, it is of course a 1st option but in our envirnoment, we need more function more than SBS, that's why I want to uprise such a solution VS SBS. As for license charge, I merely regards the Vitual server as actual one, it means we must pay for it for any server need to install, and then disgard comparision of charge with SBS. Thanks, Roy Tsao ----- Original Message ----- From: "Amy Babinchak" <amy@xxxxxxxxxxxxxxxxxxxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Monday, January 10, 2005 6:05 AM Subject: [isalist] RE: An Alternative Solution VS SBS on one Physical Server http://www.ISAserver.org I think that it is a good idea but it is a whole lot more expensive than 1 SBS Premium license at $1,450. How deep are your pockets? Is the extra cost worth it, in terms of function or security? These are the questions yet to be answered. Amy -----Original Message----- From: Roy Tsao [mailto:roy_tsao@xxxxxxxxxxxx] Sent: Sunday, January 09, 2005 10:49 AM To: [ISAserver.org Discussion List] Cc: Jim@xxxxxxxxxxxx Subject: [isalist] An Alternative Solution VS SBS on one Physical Server http://www.ISAserver.org In my past post, I want to implement a more wider service Like ISA/SQL/DC etc. on one phsical server. For security Concern, so far the recommendation from ISAServer forum Is to use SBS. However we could have one more idea by utilizing Vmware GSX server like below for my network: - Host OS: Windows Server 2003 (two NICs) External NIC: any but no DG IP Internal NIC: 192.168.0.2/255.255.255.0 - two Guest Server (Through Vmware GSX): 1) Windows Server 2003 running as DC (one vitual NIC) IP: 192.168.0.3/255.255.255.0 (bridged to Host Internal NIC) 2) Windows Server 2003 running as ISA2K4 (one vitual NIC) IP: 192.168.0.1/255.255.255.0 (bridged to Host Internal NIC) Network frame: Wan connection: ADSL PPOE connection through Guest Server 2) Host Server and other Lan PC's connection to Wan through Gateway 192.168.0.1 like a physical ISA2K4 Box Lan connection: Guest Server 1) as DC/DNS/DHCP server Firewall protectiont o Host Server from External NIC: enable firewall protection, close up all communication port through TCP/IP Dear Jim and other cool guys, is that a good idea suppose the host server Has engouth CPU capacity and RAM? Thanks for your suggestion in advance! Roy Tsao ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: amy@xxxxxxxxxxxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: roy_tsao@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: amy@xxxxxxxxxxxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: roy_tsao@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx All mail to and from this domain is GFI-scanned.