RainConnect Demo Install
- From: "John Tolmachoff" <isalist@xxxxxxxxxxxx>
- To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
- Date: Wed, 11 Sep 2002 16:32:04 -0700
OK, I went through the RainConnect Demo install yesterday, and here is my
report based on my experience and our setup.
My credentials
I earned my MCSE in December of 1999, and am one of a relatively small
number of MCSE that took and passed the 70-240 exam. I have been in this
business for about 1 ½ years, with about 6 months of training/practice. This
means I am still green. Prior to that, I was a truck driver whose career
ended at the hands of a negligent car driver. Since high school, I have
dabbled in computers here and there, including MS DOS 2.1 and 5.0, including
DOS SHELL, but nothing serious until the last few years.
Our Company
We are a full service networking and consulting integrator serving the SMB
market in Southern California. We are a Microsoft Certified Partner as well
as a OEM builder for Microsoft as well as a few other hardware vendors. Our
core services are providing computer and network support to our clients as
well as hosting services. With this we also have programmers
building/support e-commerce sites and other software programs such as
account and medical billing/recording. Our in-house network consists of a
T-1 Frame relay into a ISA server in a 3 legged configuration. The DMZ
includes 2 DNS servers, a Mail server, a SQL server, a Web server, an
E-commerce server, 2 test servers and a administration workstation, all in
their own domain. The LAN includes 2 AD/DNS/FILE servers and about 15
workstations.
Lab Setup
Lab subnet off the T-1 into a hub, then into 2 Linksys routers, both doing
NAT but creating to separate subnets, then both into a switch, then into the
Lab ISA. This provided two live Internet connections to simulate two ISP
links. The ISA was set up with 2 NIC, one External and one Internal. It was
loaded with Win2K server SP3, ISA Enterprise Edition SP1 without AD
integration and IE 6.0. The LAN included a Win2K server running AD and DNS
and a WinXP Pro workstation. A third computer is configured as a IIS server,
but do to time constraints, I have not been able to test with that.
Install
Do to a very hectic week, I was not able to read through the User Guide and
such before hand. That would have helped a lot. First problem: Install
required Java J2RE installed. OK, find it on Sun's web site and install.
Install went fine except for confusion on my part about which IP addresses
to put on the External interface of ISA. Reading through the material ahead
of time would have cleared that up. So know RainConnect is up and ready to
be configured. Went to log on. Was supposed to have logged on via
https://{ipaddress}:6381 <https://%7bipaddress%7d:6381/> . No go. OK, Jason,
(the engineer helping through the demo,) said to try http://{ipaddress}:6380
<http://%7bipaddress%7d:6380/> . That worked. I forgot to ask him about this
later. So, log on and screen says please wait loading. After 1 minute,
obvious something is wrong. Turns out IE 6.0 is not supported. Again,
reading the material ahead of time would have worked. OK, uninstall IE 6.0,
uninstall RainConnect, then Reinstall RainConnect. I am now using IE 5.01
SP2. (Standard on Win2K.) Still waiting. Jason checks on something, then
says to unlink the Java plug-in to IE. Now it works. (I forgot to follow up
on this issue. Manual says use IE 5.5, so I assume it works fine with that.)
OK, now finally I am logged in and ready to Demo. Potty break. (Hey, we are
human.)
Demo
The demo went very smoothly. However, it is all done through a web based
configuration. The screen I had to work with is a 15" monitor that will only
support 480 x 640. Not very pretty. According to one of the other Engineers
I spoke with, they are working on a MMC, and will hopefully have a beta
ready to test in a month or two. The web interface does make it a little
cumbersome to go through. We went through probably about 70% of the
functions. I started raising concerns when talking about DNS, as RainConnect
takes over the DNS functions for A and MX records. Supposedly, all other
record queries, include SOA, version and admin are passed to an Internal if
configured to do so. Yes, that makes sense to me so as to provide the
incoming failover support. But DNS IS a very touchy subject, especially when
providing hosting services to clients. Also, it does not support zone
transfers. The Engineer did say that they have one customer that is running
11 domains with the associated A and MX records configured, but that it is
cumbersome. I then asked about DMZ support. They indicated that it does
support a DMZ transparently. That means that nothing is actually configured
on the RainConnect, but that it accepts all traffic based on the IP and
subnet mask that it is configured with on the ISP links. (RainConnect
actually receives all communication to the External nic, processes it, and
then passes it to ISA.) So, a DMZ is possible. The RainConnect will
dynamically change the DNS records based upon which link is available, or if
you have different bandwidth configurations on the ISP links, then by
bandwidth in use. It does that by returning very low TTL values on the A and
MX records. Overall, a very straight forward configuration, although
cumbersome by the web interface design, which uses Java frames.
Opinion/Recommendation
Drum roll please:
I like it.
There are a few items I am going to follow up on, time permitted. I still
have it installed and plan to leave it to see if I have time to "play" with
it some more. If I have the time and I do not need the lab for other items,
I will probably ask for a demo license extension.
For our situation, it is not a feasible product at this time, as to fully
utilize it's incoming and outgoing fail over support, we would have to
purchase 2 in a cluster configuration, and we do not have the budget for one
let alone two. However, for someone who does not use a DMZ, it is very
promising. If you host websites or mail published through ISA on the
Internal, and you need to have 2 reachable DNS servers, you will need to
have 2 RainConnect product to provide that kind of redundant support.
Otherwise, if you can live with one publicly available DNS server, then all
you need is one RainConnect. If you are only worried about outbound fail
over, then all you need is one.
All in all, it is a very promising product. I would not try to use it with a
DMZ at this time with out further testing and/or support from an Engineer at
RainConnect. One unit is great for outbound fail over, but 2 is probably
needed if you host more than a simple web site and mail server.
As with any new product, we can only look forward to it getting better and
stronger.
Again, these are my opinions, so take them with a grain of salt.
Questions and comments welcome.
John Tolmachoff
IT Manager, Network Engineer
RelianceSoft, Inc.
Fullerton, CA 92835
www.reliancesoft.com
Other related posts:
