FW: "ISA" Recommended practices
- From: "Sharma, Shobha" <c-ssharma@xxxxxxxxxxx>
- To: "'isalist@xxxxxxxxxxxxx'" <isalist@xxxxxxxxxxxxx>
- Date: Thu, 19 Jul 2001 12:21:03 -0400
Still waiting for some suggestions!!!!!!!!!!!!!
-----Original Message-----
From: Sharma, Shobha [mailto:c-ssharma@xxxxxxxxxxx]
Sent: Thursday, July 19, 2001 9:49 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] "ISA" Recommended practices
http://www.ISAserver.org
Hi All,
Currently we are working with multiple ssl enabled application which are
published to the internet and we are using Proxy 2.0. But as that needs to
be updated so Iam exploring all possible options with ISA server and trying
to find some best solution for our environment.
As the recommended solution:
a) Iam going to put all applications together and host them as links from
the master web site(one certificate) and each application is configured as
virtual directory and ssl is enabled on that directory. the master web site
default page is non ssl (currently each app. is independent site and
configured with proxy 2.0 server publishing)
b) We are using server publishing feature of Proxy 2.0 so our web server is
a winsock client
c) there is a interna firewall between proxy and web server which accepts
all the connections from Proxy server
I need to upgrade or replace proxy with ISA(or may be some other server if
ISA doesn't meet the requirement)
I worked with server publishing on ISA but that is not good as it forwards
the internet client ip address to web server and our internal firewall drops
it. I tried web publishing and used SSL bridging and ISA does deencryption
and reencryption and the overhead involved will be high, Approx. 3-5 secs
per transaction. All the applications we are hosting are public applications
and we foresee lot of traffic in next 6 months. So I am not sure about ssl
brdging is best for us or not. The third option is to use ISA same way we
are working with Proxy 2.0, so install firewall client 9which is winsock
client) on web server and go ahead with that.
Pls give me some suggestions what solution I should adopt. Also how to
improve performance and fault tolerance. Should I use NLB for fault
tolerance. How to enable reverse caching or is it enabled by default?
Thanks in advance.
Shobha Sharma
Office of Information Systems
Bureau of Technology Engineering
Room 13c Willow Oak Bldg, Box 2675
Harrisburg, PA 17105-2675
717-772-7204 Desk
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
c-ssharma@xxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
To customise your settings for the list, kindly visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Other related posts:
