Re: ISA Enterprise Edition and Active Directory
- From: Memet Anwar <memet@xxxxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Tue, 1 Apr 2003 13:31:46 +0700
Hi Shane,
I agree with Jim, Ent. Array only gives centralized management, etc.
For load balancing and redundancy you might want to consider using Win2K
Network Load Balancing.
Here we use W2K NLB to create a virtual IP that maps to proxy.ourdomain.com.
Users browser are configured to use that DNS record as their proxy (enforced
using AD Group Policy). The firewall clients are also setup to use the same
record as their ISA Server.
So far we never had problems with this configuration. When one of the
servers down for maintenance, the other will take over all the loads.
Regards,
memet@xxxxxxxxxxxxx
MCSE (sort of ..)
> -----Original Message-----
> From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
> Sent: Tuesday, April 01, 2003 8:00 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] Re: ISA Enterprise Edition and Active Directory
>
>
> http://www.ISAserver.org
>
>
> The first thing I would do is rethink my strategy as to load
> balancing and redundancy.
>
> Enterprise Arrays get you:
> 1. Centralized management of multiple ISA Servers with all
> the bennies of differing array policies 2. CARP; a
> cache-sharing mechanism that helps to "spread the wealth" of
> the associated ISA Server cache drives and RAM 3. CARP
> support in wpad or /array.dll?Get.Routing.Script (allows the
> client to "walk the list" of servers)
>
> ..notice how none of the above items include the words
> "failover" or "redundancy"? The reason is that (IMHO) any
> failover technique that depends on the client making
> informed decisions regarding the state of a remote server is
> doomed to failure.
>
> DNS Round Robin is another example of such a technique. The
> state of any given server is never fully understood by the
> clients it serves. Consequently, long timeouts and
> unwarranted failures are often the result of a dependency on
> this kind of load-balancing or failover choice.
>
> Unless $$ are the primary factor in this chice (unlikely,
> since you can afford $5K per CPU license), then you should
> investigate a separate software or hardware solution.
>
> Both http://microsoft.com/isaserver/partners and
> http://isaserver.org include long lists of both items.
> Something there should fit the bill quite nicely for you.
>
> Jim Harrison
> MCP(NT4, W2K), A+, Network+, PCG http://www.microsoft.com/isaserver
> http://isaserver.org/Jim_Harrison
> http://isatools.org
>
> Read the help, books and articles!
> ----- Original Message -----
> From: "shane mullins" <tsmullins@xxxxxxxxxxxxxx>
> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> Sent: Monday, March 31, 2003 11:27
> Subject: [isalist] ISA Enterprise Edition and Active Directory
>
>
> http://www.ISAserver.org
>
>
> Hello,
>
> We currently have two ISA servers running in integrated
> mode as standalone servers. We are moving them to an array
> with Windows 2000 Advanced Server and ISA Enterprise edition
> for load balancing and redundancy. Of course with ISA
> Enterprise Edition and an Array the array members must have
> Active Directory installed and configured. I have read
> that, for security reasons, the ISA boxes be in a seperate
> AD container.
> My question is, how would you set up AD on your array members?
>
> Thanks
> Shane
>
Other related posts:
