[isapros] Re: Using ISA Server to Extend Server and Domain Isolation Interoperability
- From: "Thor (Hammer of God)" <thor@xxxxxxxxxxxxxxx>
- To: <isapros@xxxxxxxxxxxxx>
- Date: Fri, 1 Feb 2008 07:01:12 -0800
Hopefully I'll have a chance to read it today...
> -----Original Message-----
> From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-
> bounce@xxxxxxxxxxxxx] On Behalf Of Jason Jones
> Sent: Friday, February 01, 2008 6:47 AM
> To: isapros@xxxxxxxxxxxxx
> Subject: [isapros] Re: Using ISA Server to Extend Server and Domain
> Isolation Interoperability
>
> I remember looking at this document when it first came out and not
> being greatly impressed.
>
> TBH I am sceptical of the whole server and domain isolation model as
> from my experience it is actually very hard if not impossible to put
> the design into practice unless the customers is willing to spend an
> awful lot of money to invest in the time needed to define all the
> necessary elements. I've always like the "security clarity" of this
> approach, but often fallen at the first hurdle when looking at
> implementation.
>
> Most companies (outside of MS corp) just don't seem to know enough
> about their own infrastructure/environment to even begin looking at
the
> SDI model - often, it is hard enough trying to do internal firewalling
> with ISA Server and that is just for a small subset of applications!!
>
> Have anyone actually implemented an SDI design for a customer? Am I
way
> off base here or it is actually achievable???
>
>
> -----Original Message-----
> From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-
> bounce@xxxxxxxxxxxxx] On Behalf Of Stefaan Pouseele
> Sent: 30 January 2008 14:19
> To: isapros@xxxxxxxxxxxxx
> Subject: [isapros] Using ISA Server to Extend Server and Domain
> Isolation Interoperability
>
> Hi,
>
> did anyone study are try out the guide
>
http://www.microsoft.com/downloads/details.aspx?FamilyID=589fcf8e-0511-
> 4c22-
> a39e-6b841dd3c74f&displaylang=en ?
>
> I'm just starting to read it and it seems not to be very consistent!
:-
> (
>
> If I got it right the External network is the IPsec world (Isolation
> Domain)
> and the Internal network is the non-IPsec world. The ISA is member of
> the
> Isolation Domain.
> I would expect a NAT relationship from the Internal network (non-IPsec
> world) to the External network (IPsec world). However the procedure
> given
> seems to reverse the direction!?!?
>
> Further down the guide there is IMHO more inconsistentcy when they
talk
> about "Creating a Server Publishing Rule".
>
> Hmm... I'm missing something???
>
> Best Regards,
> Stefaan
>
> MVP ISA Server
> http://www.isaserver.org/Stefaan_Pouseele/
> http://blogs.isaserver.org/pouseele/
>
>
>
>
>
> This email and any files transmitted with it are confidential and
> intended solely for the use of the individual to whom it is addressed.
> If you have received this email in error, or if you believe this email
> is unsolicited and wish to be removed from any future mailings, please
> contact our Support Desk immediately on 01202 360360 or email
> helpdesk@xxxxxxxxxxxxxxxxx
>
> If this email contains a quotation then unless otherwise stated it is
> valid for 7 days and offered subject to Silversands Professional
> Services Terms and Conditions, a copy of which is available on
request.
> Any pricing information, design information or information concerning
> specific Silversands' staff contained in this email is considered
> confidential or of commercial interest and exempt from the Freedom of
> Information Act 2000.
>
> Any view or opinions presented are solely those of the author and do
> not necessarily represent those of Silversands
>
> Silversands Limited, 3 Albany Park, Cabot Lane, Poole, BH17 7BX.
> Company Registration Number : 2141393.
>
Other related posts:
