http://www.ISAserver.org ------------------------------------------------------- Hi Edgardo, Your scenarios are quite a bit different than the security heresy that is SBS. Inline.... Thomas W Shinder, M.D. Site: www.isaserver.org Blog: http://blogs.isaserver.org/shinder/ Book: http://tinyurl.com/3xqb7 MVP -- ISA Firewalls > -----Original Message----- > From: isalist-bounce@xxxxxxxxxxxxx > [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Edgardo Balansay > Sent: Thursday, May 04, 2006 6:33 PM > To: isalist@xxxxxxxxxxxxx > Subject: [isalist] ISA 2004 SE with Virtual Server guest: SQL 2005? > > http://www.ISAserver.org > ------------------------------------------------------- > > Hi list, > > I know the drill, there should not be any other software on the same > box as ISA 2004, even Anti Virus software on the same box is > questioned/critiqued. Oh and 'firewalls have 2 NICS' ;) > > However, maybe the following is also somewhat permissible like the AV > discussion: > > Scenario 1: > We would like for ISA to log to SQL 2005, instead of bringing up a new > box and only installing SQL 2005, what does the list suppose of > installing MS Virtual Server 2005 R2 on the same box as ISA 2004, and > running SQL 2005 in 1 Virtual Server on ISA? > > Our ISA server does not appear that overly worked, has plenty of RAM, > most of which is being consumed by MSDE logging. This way ISA is > almost the 'only' software installed on Windows 2003 Server (besides > Virtual Server). Yes each OS, and even SQL will have their own SCSI > HD array spindles. SQL will also get its own NIC...or using Virtual > Server, I suppose an 'internal Virtual Network' can be used to > communicate with ISA?... Since technically the VM isn't a public facing device, I don't see a big problem with it. However, I don't know how robust the virtual networking is with Virtual Server. There's a LOT of traffic that might need to move through that virtual network interface. > > Scenario 2: (Less likely to transpire.) > Perhaps a Virtual Machine on ISA is not necessary, and we can install > SQL 2005 'side by side' next to ISA on the same box? Since we do not > want to log anything else to this SQL instance, obviously all ports > that SQL uses will remain 'closed' to the local host (which would also > be ISA). Can ISA SQL logging connect to a local SQL Server engine > (not MSDE)? This would be a better perforamnce solution, and you also don't need to worry about limitations of the virtual network interface. This is no different than running MSDE on-box, so I'd go with this solution. This scenarios are *nothing* like the running a DC/Exchange/Web site/collaboration site on your firewall :) > > ------------------------------------------------------- > Sorry if this is going to be regarded the same as having ISA installed > along with Domain Controllers, or ISA with Exchange =). But I'm > thinking SQL running in a Virtual Server on ISA using Virtual internal > networks would suffice? > > Thanks again list! > Edgardo > ------------------------------------------------------ > List Archives: //www.freelists.org/archives/isalist/ > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server Articles and Tutorials: > http://www.isaserver.org/articles_tutorials/ > ISA Server Blogs: http://blogs.isaserver.org/ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > Report abuse to listadmin@xxxxxxxxxxxxx > > > ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx