• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

ISA 2006 Planning for two datacenters

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 General] >> Installation and Planning >> ISA 2006 Planning for two datacenters Page: [1]
Login
Message << Older Topic   Newer Topic >>
ISA 2006 Planning for two datacenters - 31.Mar.2009 7:00:14 AM   
rakeshmiglani

 

Posts: 7
Joined: 31.Mar.2009
Status: offline
Hi All,
This is my first post and I am fairly new when talking about ISA. My setup is as follows
Datacenter 1
3 Exchange 2007 mailbox clustered servers
2 Hub transport and client access servers

Datacenter 2
3 Exchange 2007 mailbox clustered servers
2 Hub transport and client access servers

Each of these datacenters will have an ISA 2006 server in the DMZ and Exchange will be published via ISA 2006.

Now the question is that is there any way to load balance the connections between these 2 ISA 2006 servers? (like if 1 server goes down the other handles the connections so there is no downtime)
Post #: 1
RE: ISA 2006 Planning for two datacenters - 31.Mar.2009 7:50:23 AM   
Jason Jones

 

Posts: 4663
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
ISA supports Microsoft NLB for HA, but this is 'subnet bound' and hence cannot be used across datacentres unless you can create a stretched VLAN or similar...

Normally, you would need to use some form of external load balancer to get the traffic to ISA in the way you describe...

Why is ISA going into the DMZ?

Cheers

JJ


_____________________________

Jason Jones | Forefront MVP | Silversands Ltd
My Blogs: http://blog.msedge.org.uk/ and http://blog.msfirewall.org.uk/

(in reply to rakeshmiglani)
Post #: 2
RE: ISA 2006 Planning for two datacenters - 31.Mar.2009 9:40:46 AM   
rakeshmiglani

 

Posts: 7
Joined: 31.Mar.2009
Status: offline
Thanks for the reply. An external load balancer is not in the budget
ISA has been put in the DMZ to publish OWA/EAS and Outlook Anywhere
Setup is
Internet-Firewall-ISA-Firewall-Exchange

(in reply to Jason Jones)
Post #: 3
RE: ISA 2006 Planning for two datacenters - 31.Mar.2009 10:04:12 AM   
Jason Jones

 

Posts: 4663
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
Round robin DNS then, or an intelligent DNS service.

Cheers

JJ

_____________________________

Jason Jones | Forefront MVP | Silversands Ltd
My Blogs: http://blog.msedge.org.uk/ and http://blog.msfirewall.org.uk/

(in reply to rakeshmiglani)
Post #: 4
RE: ISA 2006 Planning for two datacenters - 31.Mar.2009 10:13:02 AM   
rakeshmiglani

 

Posts: 7
Joined: 31.Mar.2009
Status: offline
Will I also have to create an Array to implement Round robin DNS?
Can you share any article which explains more abour Round Robin and how to configure it?

(in reply to Jason Jones)
Post #: 5
RE: ISA 2006 Planning for two datacenters - 31.Mar.2009 10:20:30 AM   
Jason Jones

 

Posts: 4663
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
No, you wouldn't need an array. However, you could put an array at each data centre using NLB, and then use round robin DNS to access the VIP of each array.

Round robin DNS is pretty simple and discrete from the ISA setup:

http://en.wikipedia.org/wiki/Round_robin_DNS

http://www.zytrax.com/books/dns/ch9/rr.html

The IP addresses you use in DNS would be the public IP addresses that NAT from your external firewall to the ISA interfaces in each of the the DMZs.

Cheers

JJ

< Message edited by Jason Jones -- 31.Mar.2009 10:22:36 AM >


_____________________________

Jason Jones | Forefront MVP | Silversands Ltd
My Blogs: http://blog.msedge.org.uk/ and http://blog.msfirewall.org.uk/

(in reply to rakeshmiglani)
Post #: 6
RE: ISA 2006 Planning for two datacenters - 31.Mar.2009 11:19:35 AM   
rakeshmiglani

 

Posts: 7
Joined: 31.Mar.2009
Status: offline
Can you please give more details around "However, you could put an array at each data centre using NLB, and then use round robin DNS to access the VIP of each array."
 
Can an array be created with just 1 node of ISA server as I only have 1 ISA 2006 server per datacenter?
Also, array would require enterprise edition and am I correct in assuming that DNS round robin can be done with a standard edition box?

(in reply to Jason Jones)
Post #: 7
RE: ISA 2006 Planning for two datacenters - 31.Mar.2009 11:41:07 AM   
Jason Jones

 

Posts: 4663
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
quote:

ORIGINAL: rakeshmiglani

Can you please give more details around "However, you could put an array at each data centre using NLB, and then use round robin DNS to access the VIP of each array."
 
Can an array be created with just 1 node of ISA server as I only have 1 ISA 2006 server per datacenter?
Also, array would require enterprise edition and am I correct in assuming that DNS round robin can be done with a standard edition box?


Sorry, I meant to imply you could not that you necessarily should.
 
I assumed that if you are looking at two data centres then HA is important; hence protecting each data centre against individual ISA server failure by using NLB might be of interest.

Yep - an array means ISA EE.

Yep - DNS RR doesn't need ISA EE and would work fine with SE. With SE you will lose a single point of management and you won't be able to provide server failure protection in each site, this may not be an issue for you though...

Cheers

JJ

_____________________________

Jason Jones | Forefront MVP | Silversands Ltd
My Blogs: http://blog.msedge.org.uk/ and http://blog.msfirewall.org.uk/

(in reply to rakeshmiglani)
Post #: 8
RE: ISA 2006 Planning for two datacenters - 31.Mar.2009 2:20:55 PM   
rakeshmiglani

 

Posts: 7
Joined: 31.Mar.2009
Status: offline
yes, HA is important.
so if I understand correctly, my options are

1) implement EE ISA and then do NLB with a streched VLAN

2) Do DNS Round Robin

I just checked with the network team and they have mentioned that a streched VLAN is not possible between the 2 datacenters.

so, does that mean that the only option left is DNS round robin?

will that provide HA?

(in reply to Jason Jones)
Post #: 9
RE: ISA 2006 Planning for two datacenters - 31.Mar.2009 4:21:14 PM   
Jason Jones

 

Posts: 4663
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
Right, let makes sure we are not talking about apples and oranges here

For a proper HA solution, you have two main elements to consider:

1. Site resilience
2. Server resilience

Let's consider the site resilience first:

If you cannot do a stretched VLAN and you cannot afford a load balancer than you could use DNS RR to balance incoming connections to ISA; these ISA Servers could be running ISA SE or ISA EE, it doesn't really matter. If site A fails, 50% of the people will be using site B (assuming a fairly even split) and hence you don't totally lose the service. You could then update DNS and remove the IP addresses for site A to get 100% of people using site B. DNS RR is not an ideal solution, but it is viable if you accept the limitations...

Let's consider the server resilence option:

If you want to to protect against server failure at either of the sites and negate the need to failover the entire site, it makes sense to implement two ISA servers per site and then use ISA EE with NLB to cluster them. You cannot achieve this with ISA SE and you would need ISA EE.

You could argue that with site resilience you don't need server resilience. However, in reality it is often preferred to have some form of local HA rather than have to fail the entire site just because a single server has failed.

At the end of the day it comes down to what you can afford and what level of HA you really need to keep the business happy...

Does that make sense? Apologies if this is obvious stuff!

Cheers

JJ

< Message edited by Jason Jones -- 31.Mar.2009 4:22:55 PM >


_____________________________

Jason Jones | Forefront MVP | Silversands Ltd
My Blogs: http://blog.msedge.org.uk/ and http://blog.msfirewall.org.uk/

(in reply to rakeshmiglani)
Post #: 10
RE: ISA 2006 Planning for two datacenters - 31.Mar.2009 4:28:43 PM   
Jason Jones

 

Posts: 4663
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
A bit mroe info:

http://forums.isaserver.org/m_2002075702/mpage_1/key_/tm.htm#2002075702

Cheers

JJ

_____________________________

Jason Jones | Forefront MVP | Silversands Ltd
My Blogs: http://blog.msedge.org.uk/ and http://blog.msfirewall.org.uk/

(in reply to Jason Jones)
Post #: 11
RE: ISA 2006 Planning for two datacenters - 1.Apr.2009 4:17:39 AM   
rakeshmiglani

 

Posts: 7
Joined: 31.Mar.2009
Status: offline
Thanks JJ for your expert advise. I will be going with DNS RR for this setup.

(in reply to Jason Jones)
Post #: 12
RE: ISA 2006 Planning for two datacenters - 1.Apr.2009 4:19:43 AM   
rakeshmiglani

 

Posts: 7
Joined: 31.Mar.2009
Status: offline
Is a web farm the same as DNS RR?
Can I implement a web farm in this case?

(in reply to Jason Jones)
Post #: 13

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 General] >> Installation and Planning >> ISA 2006 Planning for two datacenters Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts