[isalist] Re: Use of an ISA server between server farm & client PC's

  • From: "Glenn P. JOHNSTON" <glenn.johnston@xxxxxxxxxxx>
  • To: <isalist@xxxxxxxxxxxxx>
  • Date: Fri, 11 Aug 2006 09:20:11 +1000

http://www.ISAserver.org
-------------------------------------------------------

You don't happen to have a starting point of the services required, by
any chance?

Some are obvious: 1433T, 1434U for SQL, 80T, 433T for web, 53T for DNS;
the list goes on and on.



-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of Thor (Hammer of God)
Sent: Friday, 11 August 2006 02:01
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Use of an ISA server between server farm & client
PC's

I've actually implemented an internal client-server ISA solution to
separate clients from servers as well...

Except in my case, I don't "publish" services-- I've got a route
relationship and use access rules to only allow specific
services/protocols from the clients to only the machines necessary.

It's still in development (not deployed yet) but testing is going well.
I would suggest that you fully map out what services are required from
what client to what servers, though.  Troubleshooting in
least-privileged environments can be tough when you can only hit
specific resources from specific clients-- many times the admin is used
to full-stack access from anywhere to anywhere on the internal network.

t



On 8/9/06 10:46 PM, "Glenn P. JOHNSTON" <glenn.johnston@xxxxxxxxxxx>
spoketh to all:

> Hi,
>  
> I've been asked to implement a novel solution for a new client.
>  
> They are replacing an existing single SBS w3K with premium
> technologies, with a six server 'solution' spread across 2 sites,
> designed by the technical director who by the way is a civil engineer,
> not an IT person. In the process they are moving from a single
> building to 2 buildings, partly for redundancy, but mostly because of
> the need for a Chinese wall between the 2 user groups from a client
> contract perspective.
>  
> The 2 sites are only 800M apart, and will be linked using 2 wireless
> access points and high gain antennas, this should work OK. But the 2
> sites will have different non trusted domains, separate e-mail
> domains, etc, basically operating as 2 separate companies, with only
> board level management the same.
> Under this arrangement I'm not sure why the wireless link exists, but
> I'm sure that a good reason exists.
>  
> Their proposal is for each site to have an ADSL2 internet Link,
> feeding into a dual nic'ed ISA2004 server, then into the main
> application server running W3K, exchange 2003, SQL 2005 doing active
> directory WINS, DNS, DHCP.
>  
> The novel part of the solution is then for a second dual nic'ed ISA
> server to 'publish' the servers to the LAN where the users
> workstations are located.
>  
> Whilst I've never done or seen this config before, I can't see any
> reason why it would not work. They have already purchased all of the
> servers, software, disks, UPS's, and other hardware, they are just
> asking me to put it all together and get it working (with a big fat
> caveat sitting on top).
>  
> But, does any one of you wise gentlemen have any comments or
> suggestions on how this will work, or any likely pitfalls to be
> avoided?
>  
> Regards
> Glenn
> ------------------------------------------------------
> List Archives: //www.freelists.org/archives/isalist/
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server Articles and Tutorials:
> http://www.isaserver.org/articles_tutorials/
> ISA Server Blogs: http://blogs.isaserver.org/
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> Report abuse to listadmin@xxxxxxxxxxxxx
> 
> 
> 
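
An added example, not part of the original thread or anyone's posted code: one way to do the mapping suggested in the reply above is to record flows while the network is still open, group them per server and service, and turn only signed-off services into access rules. The CSV layout, the addresses and the 3389 entry are constructed for illustration and are not ISA Server's own log format; the other ports are the ones named in the thread.

```python
import csv
import io
from collections import defaultdict

# Constructed sample: flows observed while the network was still open.
# Columns are an assumed export layout, not ISA Server's own log format.
SAMPLE_FLOWS = """client,server,proto,port
10.0.2.11,10.0.1.5,TCP,1433
10.0.2.12,10.0.1.5,TCP,1433
10.0.2.11,10.0.1.5,UDP,1434
10.0.2.11,10.0.1.6,TCP,80
10.0.2.13,10.0.1.6,TCP,80
10.0.2.12,10.0.1.4,UDP,53
10.0.2.12,10.0.1.4,TCP,53
10.0.2.11,10.0.1.5,TCP,1433
10.0.2.13,10.0.1.5,TCP,3389
"""

def build_service_map(flow_csv):
    """Return {(server, proto, port): sorted list of distinct clients}."""
    clients = defaultdict(set)
    for row in csv.DictReader(io.StringIO(flow_csv)):
        key = (row["server"], row["proto"].upper(), int(row["port"]))
        clients[key].add(row["client"])
    return {k: sorted(v) for k, v in sorted(clients.items())}

def propose_rules(service_map, approved):
    """Split observed services into allow rules and items needing review.

    `approved` is the set of (proto, port) pairs the admin has signed off on;
    anything observed but not approved is reported instead of allowed.
    """
    allow, review = [], []
    for (server, proto, port), clients in service_map.items():
        entry = {"server": server, "service": f"{port}/{proto}", "clients": clients}
        (allow if (proto, port) in approved else review).append(entry)
    return allow, review

if __name__ == "__main__":
    approved = {("TCP", 1433), ("UDP", 1434), ("TCP", 80), ("TCP", 53), ("UDP", 53)}
    allow, review = propose_rules(build_service_map(SAMPLE_FLOWS), approved)
    for r in allow:
        print("ALLOW ", r["service"], "to", r["server"], "from", ", ".join(r["clients"]))
    for r in review:
        print("REVIEW", r["service"], "to", r["server"], "from", ", ".join(r["clients"]))
```

Each ALLOW line corresponds to one access rule scoped to the listed clients and a single server; REVIEW lines are traffic that was seen but has no approved service behind it yet.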

