RE: An Alternative Solution VS SBS on one Physical Server

  • From: "Jim Harrison" <Jim@xxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Mon, 10 Jan 2005 20:45:25 -0800

Still looks like the hard way.
Use of technology for its own sake isn't worth the paper it's printed on.
Adding ISA to a domain for "management convenience" is equivalent to
making all users local admins for "convenience".


  Jim Harrison
  MCP(NT4, W2K), A+, Network+, PCG
  http://isaserver.org/Jim_Harrison/
  http://isatools.org
  Read the help / books / articles!
 
 

-----Original Message-----
From: Roy Tsao [mailto:roy_tsao@xxxxxxxxxxxx] 
Sent: Monday, January 10, 2005 5:41 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: An Alternative Solution VS SBS on one Physical
Server

http://www.ISAserver.org

Jim,
> - ISA does not need to be on the same machine as the DC to be a domain
> member.
Agree!

> - ISA 2004 does not need to be a domain member for web traffic control;
> what non-HTTP/FTP traffic do you intend to allow?

Putting ISA 2004 in a domain is for management convenience!

> 1 - Lose the host OS and all other servers die a horrible death as
> well, including ISA
With a good backup solution, it must be okay!

> 2 - The host is not protected by ISA; what are you doing to keep the
> bad guys out?
The host can't be accessed from the WAN because no TCP/IP protocol is
bundled; WAN access is through the virtual bridged NIC (to the physical
WAN NIC) in the guest ISA box.

Make Sense?

Roy Tsao
----- Original Message ----- 
From: "Jim Harrison" <Jim@xxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Monday, January 10, 2005 10:23 PM
Subject: [isalist] RE: An Alternative Solution VS SBS on one Physical
Server


> - ISA does not need to be on the same machine as the DC to be a domain
> member.
> - ISA 2004 does not need to be a domain member for web traffic control;
> what non-HTTP/FTP traffic do you intend to allow?
>
> There are some serious issues you're missing out on here; for instance:
> 1 - Lose the host OS and all other servers die a horrible death as
> well, including ISA
> 2 - The host is not protected by ISA; what are you doing to keep the
> bad guys out?
>
> There are practical limits to virtualization; the least of which is $$.
>
>  Jim Harrison
>  MCP(NT4, W2K), A+, Network+, PCG
>  http://isaserver.org/Jim_Harrison/
>  http://isatools.org
>  Read the help / books / articles!
>
>
>
> -----Original Message-----
> From: Roy Tsao [mailto:roy_tsao@xxxxxxxxxxxx]
> Sent: Sunday, January 09, 2005 9:42 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: An Alternative Solution VS SBS on one Physical
> Server
>
> Amy,
>
> Your suggestion "put ISA on one box, Windows 2003 with VMware and the
> guest servers on this box" can't fit the requirement for the ISA box to
> join the DC; the ISA box needs to be a domain member for traffic control!
>
> Roy
> ----- Original Message ----- 
> From: "Amy Babinchak" <amy@xxxxxxxxxxxxxxxxxxxxxxxxxx>
> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> Sent: Monday, January 10, 2005 1:25 PM
> Subject: [isalist] RE: An Alternative Solution VS SBS on one Physical
> Server
>
>
> The VMware license cost is one additional cost, but the cost of the
> additional server licenses vs. SBS is still quite significant.
>
> If the main concern is to minimize physical servers and maximize
> security then put ISA on one box, Windows 2003 with VMware and the
> guest servers on this box.
>
> Amy
>
>
>
>
> -----Original Message-----
> From: Roy Tsao [mailto:roy_tsao@xxxxxxxxxxxx]
> Sent: Sunday, January 09, 2005 10:59 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: An Alternative Solution VS SBS on one Physical
> Server
>
> What I am trying to do is to minimize the cost of taking
> additional units of physical servers while both security
> and function shall not be compromised. For SBS, it is
> of course a 1st option but in our environment, we need
> more function than SBS; that's why I want to raise
> such a solution VS SBS.
> As for the license charge, I merely regard the virtual server
> as an actual one; it means we must pay for any server
> we need to install, and so disregard the comparison of charges
> with SBS.
>
> Thanks,
>
> Roy Tsao
> ----- Original Message ----- 
> From: "Amy Babinchak" <amy@xxxxxxxxxxxxxxxxxxxxxxxxxx>
> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> Sent: Monday, January 10, 2005 6:05 AM
> Subject: [isalist] RE: An Alternative Solution VS SBS on one Physical
> Server
>
>
> I think that it is a good idea but it is a whole lot more expensive than
> 1 SBS Premium license at $1,450. How deep are your pockets? Is the extra
> cost worth it, in terms of function or security? These are the questions
> yet to be answered.
>
> Amy
>
>
>
> -----Original Message-----
> From: Roy Tsao [mailto:roy_tsao@xxxxxxxxxxxx]
> Sent: Sunday, January 09, 2005 10:49 AM
> To: [ISAserver.org Discussion List]
> Cc: Jim@xxxxxxxxxxxx
> Subject: [isalist] An Alternative Solution VS SBS on one Physical Server
>
> In my past post, I want to implement a wider service
> like ISA/SQL/DC etc. on one physical server. For security
> concerns, so far the recommendation from the ISAServer forum
> is to use SBS. However, we could have one more idea by utilizing
> VMware GSX Server like below for my network:
>  - Host OS: Windows Server 2003 (two NICs)
>             External NIC: any but no DG IP
>             Internal NIC: 192.168.0.2/255.255.255.0
>  - Two guest servers (through VMware GSX):
>             1) Windows Server 2003 running as DC (one virtual NIC)
>                IP: 192.168.0.3/255.255.255.0
>                (bridged to Host Internal NIC)
>
>             2) Windows Server 2003 running as ISA2K4 (one virtual NIC)
>                IP: 192.168.0.1/255.255.255.0
>                (bridged to Host Internal NIC)
>  Network frame:
>    WAN connection: ADSL PPPoE connection through Guest Server 2)
>                    Host Server and other LAN PCs connect to the
>                    WAN through Gateway 192.168.0.1 like a physical
>                    ISA2K4 box
>
>    LAN connection: Guest Server 1) as DC/DNS/DHCP server
>
>    Firewall protection to Host Server from External NIC:
>      enable firewall protection, close up all communication ports
>      through TCP/IP
>
> Dear Jim and other cool guys, is that a good idea, supposing the host
> server has enough CPU capacity and RAM?
>
> Thanks for your suggestion in advance!
>
> Roy Tsao
>
>
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> World of Windows Networking: http://www.windowsnetworking.com
> Leading Network Software Directory: http://www.serverfiles.com
> No.1 Exchange Server Resource Site: http://www.msexchange.org
> Windows Security Resource Site: http://www.windowsecurity.com/
> Network Security Library: http://www.secinf.net/
> Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> amy@xxxxxxxxxxxxxxxxxxxxxxxxxx
> To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
> All mail to and from this domain is GFI-scanned.

