http://www.ISAserver.org ------------------------------------------------------- You don't happen to have a starting point of the services required by any chance. Some are obvious, 1433T, 1434U for SQL, 80T, 433T for web, 53T for dns the list goes on and on -----Original Message----- From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Thor (Hammer of God) Sent: Friday, 11 August 2006 02:01 To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: Use of an ISA server between server farm & client PC's http://www.ISAserver.org ------------------------------------------------------- I've actually implemented a internal client-sever ISA solution to separate clients from servers as well... Except in my case, I don't "publish" services-- I've got a route relationship and use access rules to only allow specific services/protocols from the clients to only the machines necessary. It's still in development (not deployed yet) but testing is going well. I would suggest that you fully map out what services are required from what client to what servers, though. Troubleshooting in least-privileged environments can be tough when you can only hit specific resources from specific clients-- many times the admin is used to full-stack access from anywhere to anywhere on the internal network. t On 8/9/06 10:46 PM, "Glenn P. JOHNSTON" <glenn.johnston@xxxxxxxxxxx> spoketh to all: > http://www.ISAserver.org > ------------------------------------------------------- > > Hi, > > I've been asked to implement a novel solution for a new client. > > They are replacing an existing single SBS w3K with premium > technologies, with a six server 'solution' spread across 2 sites, > designed by the technical director who by the way is a civil enginer, > not an IT person. In the process they are moving from a single > building to 2 buildings, partly for redundacy, but mostly because of > the need for a chinese wall between the 2 user groups from a client contract perspective. > > The 2 sites are only 800M apart, and will linked using 2 wireless > access points and high gain antennas, this should work OK. But the 2 > sites will have different non trusted domains, separate e-mail > domains, etc, basically operating as 2 separate companies, with only board level management the same. > Under this arrangement I'm not sure why the wireless link exists, but > I'm sure that a good reason exists. > > There proposal is for each site to have an ADSL2 internet Link, > feeding into a dual nic'ed ISA2004 server, then into the main > application server running W3K, exchange 2003, SQL 2005 doing active directory WINS, DNS, DHCP. > > The novel part of the solution is then for a second dual nic'ed ISA > server to 'publish' the servers to the LAN where the users workstations are located. > > Whilst I've never done or seen this config before, I can't see any > reason why it would not work. They have already purchased all of the > servers, software, disks, UPS's, and other hardware, they are just > asking me to put it all together and get it working (with a big fat caveat sitting on top). > > But, does any one of you wise gentlemen have any comments or > suggestions on how this will work, or any likely pit falls to be avoided. > > Regards > Glenn > ------------------------------------------------------ > List Archives: //www.freelists.org/archives/isalist/ > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server Articles and Tutorials: > http://www.isaserver.org/articles_tutorials/ > ISA Server Blogs: http://blogs.isaserver.org/ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > Report abuse to listadmin@xxxxxxxxxxxxx > > > ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx