[isalist] Re: ISA 2004 SE with Virtual Server guest: SQL 2005?
- From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
- To: <isalist@xxxxxxxxxxxxx>
- Date: Thu, 4 May 2006 18:42:30 -0500
http://www.ISAserver.org
-------------------------------------------------------
Hi Edgardo,
Your scenarios are quite a bit different than the security heresy that
is SBS. Inline....
Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7
MVP -- ISA Firewalls
> -----Original Message-----
> From: isalist-bounce@xxxxxxxxxxxxx
> [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Edgardo Balansay
> Sent: Thursday, May 04, 2006 6:33 PM
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] ISA 2004 SE with Virtual Server guest: SQL 2005?
>
> http://www.ISAserver.org
> -------------------------------------------------------
>
> Hi list,
>
> I know the drill, there should not be any other software on the same
> box as ISA 2004, even Anti Virus software on the same box is
> questioned/critiqued. Oh and 'firewalls have 2 NICS' ;)
>
> However, maybe the following is also somewhat permissible like the AV
> discussion:
>
> Scenario 1:
> We would like for ISA to log to SQL 2005, instead of bringing up a new
> box and only installing SQL 2005, what does the list suppose of
> installing MS Virtual Server 2005 R2 on the same box as ISA 2004, and
> running SQL 2005 in 1 Virtual Server on ISA?
>
> Our ISA server does not appear that overly worked, has plenty of RAM,
> most of which is being consumed by MSDE logging. This way ISA is
> almost the 'only' software installed on Windows 2003 Server (besides
> Virtual Server). Yes each OS, and even SQL will have their own SCSI
> HD array spindles. SQL will also get its own NIC...or using Virtual
> Server, I suppose an 'internal Virtual Network' can be used to
> communicate with ISA?...
Since technically the VM isn't a public facing device, I don't see a big
problem with it. However, I don't know how robust the virtual networking
is with Virtual Server. There's a LOT of traffic that might need to move
through that virtual network interface.
>
> Scenario 2: (Less likely to transpire.)
> Perhaps a Virtual Machine on ISA is not necessary, and we can install
> SQL 2005 'side by side' next to ISA on the same box? Since we do not
> want to log anything else to this SQL instance, obviously all ports
> that SQL uses will remain 'closed' to the local host (which would also
> be ISA). Can ISA SQL logging connect to a local SQL Server engine
> (not MSDE)?
This would be a better perforamnce solution, and you also don't need to
worry about limitations of the virtual network interface. This is no
different than running MSDE on-box, so I'd go with this solution.
This scenarios are *nothing* like the running a DC/Exchange/Web
site/collaboration site on your firewall :)
>
> -------------------------------------------------------
> Sorry if this is going to be regarded the same as having ISA installed
> along with Domain Controllers, or ISA with Exchange =). But I'm
> thinking SQL running in a Virtual Server on ISA using Virtual internal
> networks would suffice?
>
> Thanks again list!
> Edgardo
> ------------------------------------------------------
> List Archives: //www.freelists.org/archives/isalist/
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server Articles and Tutorials:
> http://www.isaserver.org/articles_tutorials/
> ISA Server Blogs: http://blogs.isaserver.org/
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> Report abuse to listadmin@xxxxxxxxxxxxx
>
>
>
------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/
ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx
Other related posts:
