RE: ISA on SBS webcast

  • From: "Steve Moffat" <steve@xxxxxxxxxx>
  • To: "ISA Mailing List" <isalist@xxxxxxxxxxxxx>
  • Date: Mon, 21 Nov 2005 15:56:13 -0400

I have done it both ways....Takes an hour longer, but as the total setup
time is a fixed rate...it don't cost the customer any extra...

Steve 

-----Original Message-----
From: sbradcpa@xxxxxxxxxxx [mailto:sbradcpa@xxxxxxxxxxx] 
Sent: Monday, November 21, 2005 2:12 PM
To: ISA Mailing List
Subject: [isalist] ISA on SBS webcast

http://www.ISAserver.org

Man the stereotypes in these threads :-)

A couple of things of interest here....

At SMBnation last year Mike Iem asked someone from the ISA team [not Jim
I'm sure prob dark side of marketing] to represent ISA at SMBnation but
they didn't accept [I don't know if a booth fee was involved or not
...just that there wasn't any ISA representation other than Jim Harrison
and Amy and the rest of us going 'man...you should have presented...why
was Sonicwall here?'

ISA 2004 is finally a platform that the SBS consultant doesn't have to
read Excel files to figure out what's going on.  ISA 2000 wasn't ready. 
2004 is.  You are seeing a maturing of ISA that finally has the balance
of flexibility and monitoring/logging so that it makes sense now.

You can see it in the marketplace as well, folks aren't going
...oooh....
ISA....isn't that hard?  Now they are saying ...hey the cool stuff in
the monitoring tab and other such things.....

Yes folks, this is about supportability.  You don't own that SBS box,
you have a fiduciary responsibility to that business owner to install a
system in a manner that Mothership Los Colinas doesn't go "what the heck
did you do with that SBS setup?'

I challenge all of you to take a SBS box [vmware or vpc]  install it
with duhfaults [as a friend of mine would say on another listserve] and
run the Connect to Internet wizard.

Now... take a SBS box and stand it up manually...no wizards... all by
hand.

Okay now calculate a bill and present each one to your customer.

Which one is that client going to pay for?

How much more security is he getting?

Questions to ask yourself... is the manual method so much more secure
that
the client is willing to pay for your time?   Open up the icwtext.log
file
and see the umpteen selections there.  Can you honestly say that a
totally manual method is vastly superior over the using the wizard and
then adjusting to the clients needs?

If the client is that keen on a secure setup... then more than likely
they'd be spending the money on additional hardware and operating
licenses to split services and what not.

The 'balanced way' is to stand it up with the wizards and 'then' you
tweak.  You get that box up to a known state and then you start adding
your needs.

As an example....I have yet to be convinced that naming a SBS box
anything other than .local gives me any more choices for configuration
than I already have.  Again, we're dealing with a small business and for
the vast majority of them, I'm not seeing that they benefit from
deviation from the install routine.

Once they are built... then yes, start building your own rule sets,
adjusting whatever you'd like, but I guess I'm just not convinced that
not using them is of benefit both in terms time spent to manually setup
a SBS box and then to ensure it's been set up appropriately.

Understand the wizards, but you'd be hard pressed to convince me that
not using them provides any greater benefit, value for what you get and
bang for the buck.

Like someone said on the Focus on MS list... let's stop with the
religious
wars.   These days a firewall runs on an operating system.  One that can
be secure or insecure depending on how you set it up.

I would still argue that for that business owner, you stand up that SBS
box with the defaults and then you adjust.

Make no mistake about it those in the SBS world are still fighting the
one nic/Sonicwall marketplace, but there are more and more folks that
never installed ISA 2000 that are now looking at ISA 2004 with an open
mind.

In my opinion, the battle is now for my desktops... and my battle is for
line of business apps that can't code worth a darn.

There's a zero day IE exploit posted on www.incidents.org and folks are
saying "quick run to Firefox".  Uh.. how about we ensure that we are
taking the long term view of moving our desktops to LUA, for now running
with IE in high security or using Michael Howard's Drop My Rights, and
then go beating up on vendors that can't code worth a darn.

How about I ask again and all of us...including myself... start again
with an open mind.

Drop the stereotypes and assumptions and start fresh.

How about we attempt to understand each others viewpoints and the
marketplaces they are addressing?

Susan



Very well put!

Joseph F. Danielsen,
MCSA - Exchange Messaging Specialist, MCP Network Blade Inc.
49 Marcy Street
Somerset, NJ 08873
732-213-0600
www.networkblade.com




-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
Sent: Monday, November 21, 2005 9:16 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA on SBS webcast

http://www.ISAserver.org

Hi Amy,

Indeed! Acutally, I was quite surprized by their overall low level of
network awareness.

That's why I was really getting into that SBS series on the
ISAserver.org site and doing the analysis on what I thought was going on
with the installation routine and explaning the meaning of the options
to the folks. My take on things is that just 'cause someone doesn't know
something doesn't mean he can't learn, and I wanted to make the
opportunity available to learn about some interesting and important
networking concepts, using the ISA firewall install and management as
the framework.

But then I hear that SBS is about running wizards and never deviating
from them and the cr*ppy defaults they use, all for "supportability"
reasons, and then end up dealing with a fraternity of folks like from a
CM Kornbluth novel pounding on me for providing forbidden information.

Who knows, I might go back into that space in the future. There's people
like you, and Joseph, and heck ME who actually deploy this thing for
people who aren't interested in being the lowest common denominator.

Tom

Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://spaces.msn.com/members/drisa/
Book: http://tinyurl.com/3xqb7
MVP -- ISA Firewalls
**Who is John Galt?**



> -----Original Message-----
> From: Amy Babinchak [mailto:amy@xxxxxxxxxxxxxxxxxxxxxxxxxx]
> Sent: Monday, November 21, 2005 7:38 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: ISA on SBS webcast
>
> http://www.ISAserver.org
>
> Let's just say that year before last when you graciously wrangled me a

> ticket into SMBNation it opened my eyes. I heard plenty of pretty dumb

> things about ISA that weekend and I thought to myself, where have 
> these people come from? Then I thought, hey I'm pretty smart! I didn't

> know anyone cared about SBS but me. I wasn't quite as bad as my friend

> Mike "the island" (last name withheld) but I wasn't aware that there 
> was such a tight SBS community. I came in completely innocent and left

> completely appalled at the level of ISA ignorance.
>
> The tide has turned. There is a tremendous thirst for ISA knowledge 
> among SBS consultants right now.
>
> Amy
>
> Harbor Computer Services
> Small Business Computer Specialists
>
> Client Blog: http://smalltechnotes.blogspot.com/
> Tech Blog: http://isainsbs.blogspot.com/
> Website: http://www.harborcomputerservices.net/
>
>
>
> -----Original Message-----
> From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
> Sent: Sunday, November 20, 2005 6:24 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: ISA on SBS webcast
>
> http://www.ISAserver.org
>
> Looks like Amy is a supporter of Jim Harrison's Blue Ribbon Campaign:
>
> http://www.msfirewall.org/isa2004/jimssbswork.htm
>
> Thomas W Shinder, M.D.
> Site: www.isaserver.org
> Blog: http://spaces.msn.com/members/drisa/
> Book: http://tinyurl.com/3xqb7
> MVP -- ISA Firewalls
>
>
>
> > -----Original Message-----
> > From: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] 
> > [mailto:sbradcpa@xxxxxxxxxxx]
> > Sent: Sunday, November 20, 2005 4:08 PM
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] ISA on SBS webcast
> >
> > http://www.ISAserver.org
> >
> > Amy Babinchak's ISA 2004 "taco talk" is now available for viewing:
> > http://msmvps.com/bradley/archive/2005/11/20/76038.aspx
> >
> > Microsoft Office Live Meeting - View A Recording:
> > https://www120.livemeeting.com/cc/winserver_usergroup/view?id=
> > Q78FXW&pw=SqPq4%60P
> >
> >
> > Live meeting recording thanks to the WinServer community group who 
> > also is bringing you www.theworkingnetwork.com
> >
> > ------------------------------------------------------
> > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > ------------------------------------------------------
> > Visit TechGenix.com for more information about our other sites:
> > http://www.techgenix.com
> > ------------------------------------------------------
> > You are currently subscribed to this ISAserver.org Discussion List 
> > as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit 
> > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > Report abuse to listadmin@xxxxxxxxxxxxx
> >

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
isalist@xxxxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx


Other related posts: