Welcome to ISAserver.org

RE: ISA 2004 - New

Users viewing this topic: none

Logged in as: Guest

Printable Version

All Forums >> [ISA Server 2004 General ] >> Installation >> RE: ISA 2004 - New

Page: << < prev 1 [2]

Message

<< Older Topic Newer Topic >>

RE: ISA 2004 - New - 22.Jun.2005 4:49:00 AM

amireh

Posts: 19
Joined: 10.Sep.2004
From: Iran
Status: offline

Hi;
WOW, You should present ISA2004 to your manager. you can use this article to compare ISA 2004 with other firewalls.
http://www.isaserver.org/pages/article_p.asp?id=1316

I really suggest you to Install just ISA on seprate computer.

regards
Amireh

(in reply to WildPacket)

Post #: 21

Featured Links*

RE: ISA 2004 - New - 22.Jun.2005 9:39:00 AM

WildPacket

Posts: 72
Joined: 24.Mar.2004
From: Canada
Status: offline

My Manager is some what inclining towards ISA now ... as I am testing and exploring it's features.

Now time to make sure he installs it on a seperate box.

Thanks guys.

(in reply to WildPacket)

Post #: 22

RE: ISA 2004 - New - 23.Jun.2005 10:03:00 PM

Sunny.C

Posts: 800
Joined: 5.Apr.2005
From: sydney
Status: offline

ok now trust me on this i have worked with that model router, i can tell you it's not worth the money.Sure it's a good router but it's not great, for it's price range i would expect much better.
Look at it this way ISA is cheaperand much more flexable.

(in reply to WildPacket)

Post #: 23

RE: ISA 2004 - New - 10.Jul.2005 8:00:00 AM

smartsys

Posts: 36
Joined: 5.Sep.2001
Status: offline

First off all. Ask your manager if he is a Microsoft Professional? If he od she answers with a Yes, quit your job and find something else. You will never get the opportunity to do things proper under his supervision. If he or she answers No, than just tell him that Microsoft has put up some rules to install a ISA firewall/proxy server and the most important rule is that the ISA server must be installed as a single service! Many people see Isa server a an application which it is NOT. It is a complex service that should never be compromised by security leaks in other applications!

Ok. Now ask your manager what he or she wants?
Ask him/her what he/she expects from the IT enviroment?
Does he/she want a flexible enviroment with an uptime of 99.9% and with "garanteed" security? Or is he/she pleased with an uptime of 80%, "possible" security and no flexibility?

You are the technician and you must come up with multiple plans. Don't think in hardware/software at first, but think in design blocks. You fill in the blocks later. A block can be a server, a switch, a UPS, a tape device, a client computer or even the internet.
Put up three network designs with ALL pro's and con's!
Next fill in the required blocks with hard- and software.
Don't forget to look at the routers and switches. If you want premium quality and service, go for Cisco, HP or 3Com for example, otherwise Linksys for example might be a good alternative.
Same goes for server hardware. Go for HP, IBM or Dell with service contracts if uptime is very important. Also arrange a good 19" rack and a airconditioned lockable room for you servers and switches. Try to eliminate every possible risk. Make your servers redundant and don't forget a double UPS system. One for each powergroup.
Also don't and this is the most common made mistake, don't forget the backup/storage solution. Storage is expensive so many companies try to save money on the storage enviroment. In almost every case a major crash means big trouble because of huge downtimes and in many cases loss of data.

A good solution for your company might consist of:
5 servers
1 Domain Controller
1 File/Print server
1 Exchange server
1 Isa Server
1 Backup server

You can use 4 HP Proliant DL380 G4 (Intel Xeon based) or DL385 (AMD Opteron based) servers for the DC,File/Print,Exchange and ISA server.
In this setup you are very flexible with the configuration. All servers are the same except for the disk configuration.
Use 2 36GB 15K disks in Raid 1 for the OS on the Domain controller.
Use 5 36GB 15K disks for the ISA server. 2 in Raid 1 for the OS, 3 in Raid 5 for the proxy cache.
I don't know your data quota configuration, but with modern hardware a user home folder and mailbox of 1GB isn't that expensive. Just use 2 36GB 15K drives in Raid 1 for the OS and add 4 147GB 15K drives in the file/print and exchange box for data storage.
On the file/print server you can enable volume shadow copy to provide easy restores in case of users overwrite files with blank versions or accidental deletes.

The Backup server must be a machine with a huge amount of diskspace. A HP ProLiant DL380 G4 Storage Server External SCSI Model with 14 300GB 10K disks should do the trick.
A HP MSL6030 tape library with one Ultrium 960 SCSI drive should be sufficient for three years.

Why use a NAS as a backup server? You can first backup every thing to disk. This is very fast and after this backup you have 24hours to backup data to tape. Since you have over 4TB of disk storage you can restore an entiry week from disk, so you don't have to change tapes on restore request.
The MSL 6030 can hold 30 tapes, so you can create copies to provide offsite storage and still have the abbility to provide full server restores one month old without changing tapes.

On the network side you can create a seperate backup lan. All HP servers have 2 GB NICs onboard. Use one subnet 192.168.1.x for the LAN and use 192.168.100.x for the backup LAN.
Use two Cisco Catalyst 3750G-24T-E swithes to provide fast managable communication for your LAN and Backup LAN. To expand the LAN use as many as needed Cisco Catalyst 3750G-48PS switches to provide 100MB managed switched ethernet to your clients with Power over Ethernet support. Now you also have a very interesting situation to provide Voice over IP (VoIP)!

With this you have a very fast and reliable enviroment. It does cost some dollars, but it will be worth every cent.

[ July 10, 2005, 08:07 AM: Message edited by: smartsys ]

(in reply to WildPacket)

Post #: 24