Still looks like the hard way. Use of technology for its own sake isn't worth the paper its printed on. Adding ISA to a domain for "management convenience" is equivalent to making all users local admins for "convenience". Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/Jim_Harrison/ http://isatools.org Read the help / books / articles! -----Original Message----- From: Roy Tsao [mailto:roy_tsao@xxxxxxxxxxxx] Sent: Monday, January 10, 2005 5:41 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: An Alternative Solution VS SBS on one Physical Server http://www.ISAserver.org Jim, > - ISA does not need to be on the same machine as the DC to be a domain > member. Agree! > - ISA 2004 does not need to be a domain member for web traffic control; > what non-HTTP/FTP traffic do you intend to allow? Put ISA 2004 in a domain is for management convinience! > 1 - Lose the host OS ands all other servers die a horrible death as > well, including ISA With good backup solution, it must be okay! > 2 - The host is not protected by ISA; what are you doing to keep the bad > guys out? Host can't be access by Wan because no TCP/IP protocol bundled, Wan access is through virtual bridged NIC (to physical Wan NIC) in guest ISA Box Make Sense? Roy Tsao ----- Original Message ----- From: "Jim Harrison" <Jim@xxxxxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Monday, January 10, 2005 10:23 PM Subject: [isalist] RE: An Alternative Solution VS SBS on one Physical Server > http://www.ISAserver.org > > - ISA does not need to be on the same machine as the DC to be a domain > member. > - ISA 2004 does not need to be a domain member for web traffic control; > what non-HTTP/FTP traffic do you intend to allow? > > There are some serious issues you're missing out on here; for instance: > 1 - Lose the host OS ands all other servers die a horrible death as > well, including ISA > 2 - The host is not protected by ISA; what are you doing to keep the bad > guys out? > > There are practical limits to virtualization; the least of which is $$. > > Jim Harrison > MCP(NT4, W2K), A+, Network+, PCG > http://isaserver.org/Jim_Harrison/ > http://isatools.org > Read the help / books / articles! > > > > -----Original Message----- > From: Roy Tsao [mailto:roy_tsao@xxxxxxxxxxxx] > Sent: Sunday, January 09, 2005 9:42 PM > To: [ISAserver.org Discussion List] > Subject: [isalist] RE: An Alternative Solution VS SBS on one Physical > Server > > http://www.ISAserver.org > > Amy, > > Your suggestion "put ISA on one box, Windows 2003 with VMware and the > guest > servers on this box" can't fit the requirement to put ISA box join > the DC, ISA box needs to be a domain memember for traffic control! > > Roy > ----- Original Message ----- > From: "Amy Babinchak" <amy@xxxxxxxxxxxxxxxxxxxxxxxxxx> > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> > Sent: Monday, January 10, 2005 1:25 PM > Subject: [isalist] RE: An Alternative Solution VS SBS on one Physical > Server > > > http://www.ISAserver.org > > The VMware license cost is one additional cost, but the cost of the > additional server licenses vs. SBS is still quite significant. > > If the main concern is to minimize physical servers and maximize > security then put ISA on one box, Windows 2003 with VMware and the guest > servers on this box. > > Amy > > > > > -----Original Message----- > From: Roy Tsao [mailto:roy_tsao@xxxxxxxxxxxx] > Sent: Sunday, January 09, 2005 10:59 PM > To: [ISAserver.org Discussion List] > Subject: [isalist] RE: An Alternative Solution VS SBS on one Physical > Server > > http://www.ISAserver.org > > What I am trying to do is to minimized cost of taking > addtional units of physical servers while both security > and function shall not be compromised. For SBS, it is > of course a 1st option but in our envirnoment, we need > more function more than SBS, that's why I want to uprise > such a solution VS SBS. > As for license charge, I merely regards the Vitual server > as actual one, it means we must pay for it for any server > need to install, and then disgard comparision of charge > with SBS. > > Thanks, > > Roy Tsao > ----- Original Message ----- > From: "Amy Babinchak" <amy@xxxxxxxxxxxxxxxxxxxxxxxxxx> > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> > Sent: Monday, January 10, 2005 6:05 AM > Subject: [isalist] RE: An Alternative Solution VS SBS on one Physical > Server > > > http://www.ISAserver.org > > I think that it is a good idea but it is a whole lot more expensive than > 1 SBS Premium license at $1,450. How deep are your pockets? Is the extra > cost worth it, in terms of function or security? These are the questions > yet to be answered. > > Amy > > > > -----Original Message----- > From: Roy Tsao [mailto:roy_tsao@xxxxxxxxxxxx] > Sent: Sunday, January 09, 2005 10:49 AM > To: [ISAserver.org Discussion List] > Cc: Jim@xxxxxxxxxxxx > Subject: [isalist] An Alternative Solution VS SBS on one Physical Server > > http://www.ISAserver.org > > > In my past post, I want to implement a more wider service > Like ISA/SQL/DC etc. on one phsical server. For security > Concern, so far the recommendation from ISAServer forum > Is to use SBS. However we could have one more idea by utilizing > Vmware GSX server like below for my network: > - Host OS: Windows Server 2003 (two NICs) > External NIC: any but no DG IP > Internal NIC: 192.168.0.2/255.255.255.0 > - two Guest Server (Through Vmware GSX): > 1) Windows Server 2003 running as DC (one vitual NIC) > IP: 192.168.0.3/255.255.255.0 > (bridged to Host Internal NIC) > > 2) Windows Server 2003 running as ISA2K4 (one vitual > NIC) > IP: 192.168.0.1/255.255.255.0 > (bridged to Host Internal NIC) > Network frame: > Wan connection: ADSL PPOE connection through Guest Server 2) > Host Server and other Lan PC's connection to > Wan through Gateway 192.168.0.1 like a physical > ISA2K4 Box > > Lan connection: Guest Server 1) as DC/DNS/DHCP server > > Firewall protectiont o Host Server from External NIC: > enable firewall protection, close up all communication port > through > TCP/IP > > Dear Jim and other cool guys, is that a good idea suppose the host > server > Has engouth CPU capacity and RAM? > > Thanks for your suggestion in advance! > > Roy Tsao > > > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Other Internet Software Marketing Sites: > World of Windows Networking: http://www.windowsnetworking.com > Leading Network Software Directory: http://www.serverfiles.com > No.1 Exchange Server Resource Site: http://www.msexchange.org > Windows Security Resource Site: http://www.windowsecurity.com/ > Network Security Library: http://www.secinf.net/ > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > amy@xxxxxxxxxxxxxxxxxxxxxxxxxx > To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist > Report abuse to listadmin@xxxxxxxxxxxxx > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Other Internet Software Marketing Sites: > World of Windows Networking: http://www.windowsnetworking.com > Leading Network Software Directory: http://www.serverfiles.com > No.1 Exchange Server Resource Site: http://www.msexchange.org > Windows Security Resource Site: http://www.windowsecurity.com/ > Network Security Library: http://www.secinf.net/ > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > roy_tsao@xxxxxxxxxxxx > To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist > Report abuse to listadmin@xxxxxxxxxxxxx > > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Other Internet Software Marketing Sites: > World of Windows Networking: http://www.windowsnetworking.com > Leading Network Software Directory: http://www.serverfiles.com > No.1 Exchange Server Resource Site: http://www.msexchange.org > Windows Security Resource Site: http://www.windowsecurity.com/ > Network Security Library: http://www.secinf.net/ > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > amy@xxxxxxxxxxxxxxxxxxxxxxxxxx > To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist > Report abuse to listadmin@xxxxxxxxxxxxx > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Other Internet Software Marketing Sites: > World of Windows Networking: http://www.windowsnetworking.com > Leading Network Software Directory: http://www.serverfiles.com > No.1 Exchange Server Resource Site: http://www.msexchange.org > Windows Security Resource Site: http://www.windowsecurity.com/ > Network Security Library: http://www.secinf.net/ > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > roy_tsao@xxxxxxxxxxxx > To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist > Report abuse to listadmin@xxxxxxxxxxxxx > > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Other Internet Software Marketing Sites: > World of Windows Networking: http://www.windowsnetworking.com > Leading Network Software Directory: http://www.serverfiles.com > No.1 Exchange Server Resource Site: http://www.msexchange.org > Windows Security Resource Site: http://www.windowsecurity.com/ > Network Security Library: http://www.secinf.net/ > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > jim@xxxxxxxxxxxx > To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist > Report abuse to listadmin@xxxxxxxxxxxxx > > All mail to and from this domain is GFI-scanned. > > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Other Internet Software Marketing Sites: > World of Windows Networking: http://www.windowsnetworking.com > Leading Network Software Directory: http://www.serverfiles.com > No.1 Exchange Server Resource Site: http://www.msexchange.org > Windows Security Resource Site: http://www.windowsecurity.com/ > Network Security Library: http://www.secinf.net/ > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > roy_tsao@xxxxxxxxxxxx > To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist > Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx All mail to and from this domain is GFI-scanned.