In out test environment, the internal AD structure is a forest with ROOT domain and several CHILD domains.
I need to set up an ISA architecture on 2 levels: front end (edge) which leads to a dmz where there are web servers and terminal servers; bck end (separating the dmz from the real infrastructure) where there are the domain controllers, the db servers...
Both front end nd back end ISAs need to be configured in NLB (for high availability).
Some questions: 1) Active Directory: 3 possible options - Create a domain for ISA in the actual (a child for ROOT) - Create a domain for ISA as separate and set up a trust - Create a domain for isa as separate and access current domains via LDAP (as far s I understood a new feature in ISA 2006)
Which is the best option, i.e. the most secure and flexible.
2) After the edge ISA there are several subtnets, belonging to different environments, which should not route among themselves, but only on specific conditions (protocols) managed by ISA. All of these needtworks need to talk to the "public" internet.
Which option is best: have several phisical nics on the edge firewall or just one nic with several IPs (note: edge is a VM on ESX 3, so there are no issues on adding more Vnics).
Posts: 4663
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
Can see where Tom is heading here...I will also defer my response until you get chance to answer.
As for the NICs, ISA needs a NIC per network definition so you will need seperate NICs for each of thre security zones you are planning on using. This is a nice setup that provides a good "least privilege" approach...
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
Printable Version
All Forums >> [ISA 2006 General] >> Installation and Planning >> ISA AD architecture and multiple independent subnets 
ISA AD architecture and multiple independent subnets - 
New Messages
No New Messages
Hot Topic w/ New Messages
Hot Topic w/o New Messages
Locked w/ New Messages
Locked w/o New Messages
Post New Thread