Ha! Yes, the psychiatry of enterprise admins is quite different from the smaller orgs. There are tons of "issues" you have to deal with. In contrast with smaller business, where often they no nothing, the enterprise admins know a lot more, but the problem is the lot of what they know is incorrect, wrong, and often downright insane. However, the insanity isn't very often a true insanity, it's driven by personal agendas and secondary gains, such as CYA, hiding incompencies, laziness, and letting sales buy educated them about the "right thing" to do. You can imagine the result -- it would be like having the pharmaceutical reps "educate" me about drugs. That didn't happen and I always did independent research. But that's how our industry sells 50K Blue Coat boxes when they could have an ISA Firewall array for 20K. Thomas W Shinder, M.D. Site: www.isaserver.org <http://www.isaserver.org/> Blog: http://blogs.isaserver.org/shinder/ Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7> MVP -- Microsoft Firewalls (ISA) ________________________________ From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Amy Babinchak Sent: Wednesday, October 18, 2006 10:10 AM To: isapros@xxxxxxxxxxxxx Subject: [isapros] Re: How many ISA servers? That's an understatement. Yesterday I performed a Siamese twin operation to separate the Internet from the Intranet websites. The Intranet was a subfolder of the Internet and completely available on the Internet. In doing so, I created 2 new servers on the network, changed server name and IP addresses and did not have to modify the firewall at all to be able to allow the public to view the Internet site. Next up, DNS separation while proposing the firewall project. I've got some really good ammo now. I'm beginning to remember why I left Enterprise. I hate living with stupid decisions made by non-IT staff and dealing with incompetent people around me in the department. As far as I can tell all the network engineer knows how to do is use Acronis. Amy ________________________________ From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Thomas W Shinder Sent: Wednesday, October 18, 2006 10:58 AM To: isapros@xxxxxxxxxxxxx Subject: [isapros] Re: How many ISA servers? The deployment scenario is driven by the customer requirements, and you own recommendations to increase security over the customer's core requirements. There's a good chance that their current firewall deployment is suboptimal, since an aged Check Point server deployment was probably designed and configured for a threat environment very different from what we have today. Tom Thomas W Shinder, M.D. Site: www.isaserver.org <http://www.isaserver.org/> Blog: http://blogs.isaserver.org/shinder/ Book: http://tinyurl.com/3xqb7 MVP -- Microsoft Firewalls (ISA) ________________________________ From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Amy Babinchak Sent: Wednesday, October 18, 2006 9:33 AM To: isapros@xxxxxxxxxxxxx Subject: [isapros] Re: How many ISA servers? Thanks. That's a very confusing calculator. It says 1 single processor server, 1 duel processor server, 1 dual core processor server under network load balancing and also under caching. So does this mean I need one server or one of each? It's very unclear. What I'm really looking for is more of a decision tree ending with a recommendation for the deployment scenario. Since this is my first deployment where I think I need more than 1 ISA server, I'm looking for some validation before I make the recommendation to the client. As an edge firewall. * In a 3-leg configuration. * With another firewall. * As an Internal network segment firewall. * As a Web proxy or caching server. Amy Babinchak ________________________________ From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison Sent: Wednesday, October 18, 2006 9:26 AM To: isapros@xxxxxxxxxxxxx Subject: [isapros] Re: How many ISA servers? Take a look at the calculator to the right of http://www.microsoft.com/isaserver. This was created to help you make just those decisions... From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Amy Babinchak Sent: Wednesday, October 18, 2006 6:24 AM To: isapros@xxxxxxxxxxxxx Subject: [isapros] How many ISA servers? Is there a good planning document that can help me decide how many ISA servers to deploy? I've got a large network that I'm working on and I'd like to ditch the vintage NT checkpoint box in favor of ISA. I'm thinking that 2 ISA servers will be the way to go but I'd like to review my thoughts against Microsoft recommendations. Is there such a document? I found one called: Network Concepts in ISA Server 2006 But all it does is list the deployment scenarios doesn't explain how to choose between them. Amy Babinchak All mail to and from this domain is GFI-scanned.