[isapros] Re: How many ISA servers?
- From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
- To: <isapros@xxxxxxxxxxxxx>
- Date: Wed, 18 Oct 2006 10:29:16 -0500
Ha! Yes, the psychiatry of enterprise admins is quite different from the
smaller orgs. There are tons of "issues" you have to deal with. In
contrast with smaller business, where often they no nothing, the
enterprise admins know a lot more, but the problem is the lot of what
they know is incorrect, wrong, and often downright insane. However, the
insanity isn't very often a true insanity, it's driven by personal
agendas and secondary gains, such as CYA, hiding incompencies, laziness,
and letting sales buy educated them about the "right thing" to do. You
can imagine the result -- it would be like having the pharmaceutical
reps "educate" me about drugs. That didn't happen and I always did
independent research. But that's how our industry sells 50K Blue Coat
boxes when they could have an ISA Firewall array for 20K.
Thomas W Shinder, M.D.
Site: www.isaserver.org <http://www.isaserver.org/>
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7>
MVP -- Microsoft Firewalls (ISA)
________________________________
From: isapros-bounce@xxxxxxxxxxxxx
[mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Amy Babinchak
Sent: Wednesday, October 18, 2006 10:10 AM
To: isapros@xxxxxxxxxxxxx
Subject: [isapros] Re: How many ISA servers?
That's an understatement.
Yesterday I performed a Siamese twin operation to separate the
Internet from the Intranet websites. The Intranet was a subfolder of the
Internet and completely available on the Internet. In doing so, I
created 2 new servers on the network, changed server name and IP
addresses and did not have to modify the firewall at all to be able to
allow the public to view the Internet site. Next up, DNS separation
while proposing the firewall project. I've got some really good ammo
now.
I'm beginning to remember why I left Enterprise. I hate living
with stupid decisions made by non-IT staff and dealing with incompetent
people around me in the department. As far as I can tell all the network
engineer knows how to do is use Acronis.
Amy
________________________________
From: isapros-bounce@xxxxxxxxxxxxx
[mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Thomas W Shinder
Sent: Wednesday, October 18, 2006 10:58 AM
To: isapros@xxxxxxxxxxxxx
Subject: [isapros] Re: How many ISA servers?
The deployment scenario is driven by the customer requirements,
and you own recommendations to increase security over the customer's
core requirements.
There's a good chance that their current firewall deployment is
suboptimal, since an aged Check Point server deployment was probably
designed and configured for a threat environment very different from
what we have today.
Tom
Thomas W Shinder, M.D.
Site: www.isaserver.org <http://www.isaserver.org/>
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7
MVP -- Microsoft Firewalls (ISA)
________________________________
From: isapros-bounce@xxxxxxxxxxxxx
[mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Amy Babinchak
Sent: Wednesday, October 18, 2006 9:33 AM
To: isapros@xxxxxxxxxxxxx
Subject: [isapros] Re: How many ISA servers?
Thanks. That's a very confusing calculator. It says 1
single processor server, 1 duel processor server, 1 dual core processor
server under network load balancing and also under caching. So does this
mean I need one server or one of each? It's very unclear.
What I'm really looking for is more of a decision tree
ending with a recommendation for the deployment scenario. Since this is
my first deployment where I think I need more than 1 ISA server, I'm
looking for some validation before I make the recommendation to the
client.
As an edge firewall.
*
In a 3-leg configuration.
*
With another firewall.
*
As an Internal network segment firewall.
*
As a Web proxy or caching server.
Amy Babinchak
________________________________
From: isapros-bounce@xxxxxxxxxxxxx
[mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison
Sent: Wednesday, October 18, 2006 9:26 AM
To: isapros@xxxxxxxxxxxxx
Subject: [isapros] Re: How many ISA servers?
Take a look at the calculator to the right of
http://www.microsoft.com/isaserver.
This was created to help you make just those
decisions...
From: isapros-bounce@xxxxxxxxxxxxx
[mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Amy Babinchak
Sent: Wednesday, October 18, 2006 6:24 AM
To: isapros@xxxxxxxxxxxxx
Subject: [isapros] How many ISA servers?
Is there a good planning document that can help me
decide how many ISA servers to deploy? I've got a large network that I'm
working on and I'd like to ditch the vintage NT checkpoint box in favor
of ISA. I'm thinking that 2 ISA servers will be the way to go but I'd
like to review my thoughts against Microsoft recommendations. Is there
such a document?
I found one called: Network Concepts in ISA Server 2006
But all it does is list the deployment scenarios doesn't explain how to
choose between them.
Amy Babinchak
All mail to and from this domain is GFI-scanned.
Other related posts:
