[isalist] Re: Putting ISA2k4 infornt of SBS
- From: "Amy Babinchak" <amy@xxxxxxxxxxxxxxxxxxxxxxxxxx>
- To: <isalist@xxxxxxxxxxxxx>
- Date: Wed, 20 Sep 2006 07:51:42 -0400
http://www.ISAserver.org
-------------------------------------------------------
SBS is just a collection of servers residing on one box. It doesn't
freak out any more than any other box. A DMZ is possible and you can
install as many NICs as you wish into the SBS box. (see the blog)
However, the connect to the internet wizard is only aware of 2 NICs. If
you want to use that wizard and you have more than 2 NICs installed
disable the additional NICs, run the wizard and then enable them. Your
suggestion of putting an ISA server in front of the SBS box is a good
one but keep in mind that you'll have to purchase the licenses for it.
The SBS license doesn't allow you to split off anything. Because of the
cost of doing this most small businesses don't host their own website.
Hosting is so inexpensive these days it's hardly worth hosting your own
site.
Amy Babinchak
Harbor Computer Services
(248) 546-6056 office
(248) 890-1794 mobile
http://isainsbs.blogspot.com
http://keepitsecure.blogspot.com
http://www.harborcomputerservices.net
-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of Steve diMascio
Sent: Wednesday, September 20, 2006 6:14 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Putting ISA2k4 infornt of SBS
http://www.ISAserver.org
-------------------------------------------------------
I've been asked to put a webserver online on an SBS2k3 (premium)
installation. Obviously id prefer this webserver to be in a dmz, but the
topology for sbs seems to not like this concept? 3 nics in sbs =
wizard-killer? Or sbs-killer? As the company is growing in size (and
surface), it seems like now's a good time to review there attack surface
also.
What I'm looking at is placing a front-end isa2k4 infront of sbs2k3
(with isa2k4), and using the front-end isa to direct the webserver
traffic to a perimeter network, and the rest to the sbs box. I've had a
look round and cant find many articles on this setup. I did read an
article on isainsbs written by Amy, though there wasn't any info on how
this scenario may affect the sbs box or its wizards.
Anyway my reasoning for going this route is to get a couple of extra
servers in there to reduce the one time cost of ditching sbs and
separating the severs out, also having a dedicated (uncastrated isa)
firewall will help me sleep better at night. The company has a server
that's suitably specd to carry out the job, so the costs going to be isa
(single proc). And they can live with that.
So is this a viable solution, can sbs (premium) live behind a dedicated
isa box without freaking out ? Or is there a better solution for them.
Steve
------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server Articles and Tutorials:
http://www.isaserver.org/articles_tutorials/
ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/
ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx
Other related posts:
