RE: ISA Arrary - redunant/failover?
- From: "Jim Harrison" <Jim@xxxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Thu, 8 Sep 2005 09:10:43 -0700
Ah - the old multi-redundant WAN...
The problem with using client-side failover is that it depends
completely on how the client determines "availability" and how it (fails
to) handle failback as well.
You *can* deploy ISA EE servers in a single array across those links,
but what you'll actually achieve is not what you seek.
The other problem is what "down" means - just because the ISA responds
doesn't mean the Internet link is alive.
-------------------------------------------------------
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/Jim_Harrison/
http://isatools.org
Read the help / books / articles!
-------------------------------------------------------
-----Original Message-----
From: Paul Crisp [mailto:PCrisp@xxxxxxxxxxxxxxxxx]
Sent: Thursday, September 08, 2005 07:16
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA Arrary - redunant/failover?
http://www.ISAserver.org
Yes they can. Bit more of the configuration
We have the three offices as I mentioned before, Office A, B and C
All desktops are configured as firewall clients as well as proxy clients
so for instance Office A firewall client is configured to look at Office
A firewall and Office B firewall client is configured to look at Office
B firewall. At present Office C firewall client is configured to look at
either Office A or B but normally Office A as this is a faster
connection. This config is done via the WPAD and DHCP
Office A has a 2mbit leased line connection to Office B but also has a
10mbit laser link to Office C - Default gateway is router that connects
the links together
Office B has a 2mbit leased line connection to Office B and also another
2mbit leased line connection to Office C - Default gateway is router
that connects links together
Office C has a 10mbit laser link to Office A and a 2mbit leased line
connection to Office B - Default gateway is router that connects links
together
In the event that the Office A ISA 2004 SE goes down we want clients to
move across to Office B for the moment but sometime in the future we
will also have an ISA in Office C as well.
Hope this helps and is not to confusing
Paul Crisp
Snr Network Support Analyst
-----Original Message-----
From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx]
Sent: 08 September 2005 15:04
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA Arrary - redunant/failover?
http://www.ISAserver.org
Can users in one office even see the "backside" of the ISA in the other
office?
-----Original Message-----
From: Paul Crisp [mailto:PCrisp@xxxxxxxxxxxxxxxxx]
Sent: Thursday, September 08, 2005 6:56 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA Arrary - redunant/failover?
http://www.ISAserver.org
What would be the best way to deploy them, I'm open to suggestions as we
are only using ISA 2004 SE in two offices at the moment.
Paul Crisp
Snr Network Support Analyst
-----Original Message-----
From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx]
Sent: 08 September 2005 14:47
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA Arrary - redunant/failover?
http://www.ISAserver.org
That would depend on how you deploy them.
Also, consider that in an Enterprise array, the configuration data
that's delivered to the web proxy and firewall clients will contain
*all* of the array members.
This will cause web proxy and firewall clients to use any of the listed
ISA servers as the *client* deems necessary according to the CARP
algorithm and how the client determines the health of the last known
ISA.
-----Original Message-----
From: Paul Crisp [mailto:PCrisp@xxxxxxxxxxxxxxxxx]
Sent: Thursday, September 08, 2005 2:58 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA Arrary - redunant/failover?
http://www.ISAserver.org
Is there any problem with using array over different subnets and
therefore providing LAN redundancy?
Paul Crisp
Snr Network Support Analyst
________________________________
From: Geldrop, Paul van [mailto:paul.van.geldrop@xxxxxxxxxxxxx]
Sent: 08 September 2005 08:57
To: [ISAserver.org Discussion List]
Subject: RE: [isalist] ISA Arrary - redunant/failover?
Options available to you:
- Use an Enterprise edition array consisting of multiple ISA servers.
This will ensure connectivity for your LAN clients should one of the
servers fail. It will, however, not ensure connectivity in case your
WAN-connection goes bye-bye.
- Use an Enterprise edition array consisting of multiple ISA servers and
a redundant WAN connection
This will ensure connectivity for your LAN clients should one of the
servers fail. Using a product like Rainconnect (correct me if I'm wrong,
gentlemen ?), will ensure connectivity in case your WAN-connection goes
bye-bye.
Of course, there are other points of failure you will have to consider
(redundant switches/routers at LAN-level, etc). Question is, how
desperate are you to maintain Web access for your clients ?
You will not be able to realise this scenario with one ISA 2000 Server.
You will have to examine the various options and identify the one
component in your set-up that is most likely to fail. Or, if you have
enough budget for it, implement all of the options. :P
PS: You can also Standard edition arrays, but you will have to configure
NLB manually and maintain an actual configuration on both servers
through import/export-procedures instead of being able to use central
storage for the ISA array configuration.
Regards,
Paul.
________________________________
From: Danny [mailto:nocmonkey@xxxxxxxxx]
Sent: Wed 9/7/2005 5:43 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] ISA Arrary - redunant/failover?
http://www.ISAserver.org
Goal: provide LAN clients with redunant access to the web, where
current configuration consists of one ISA 2000 server.
Would an ISA array be most suitable to accomplish this goal, or NLB,
or just another router/gateway?
Thank you,
...D
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
paul.van.geldrop@xxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
All mail to and from this domain is GFI-scanned.
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
pcrisp@xxxxxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
All mail to and from this domain is GFI-scanned.
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
pcrisp@xxxxxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
All mail to and from this domain is GFI-scanned.
Other related posts:
