• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

RE: ISA server limits

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 General] >> General >> RE: ISA server limits Page: <<   < prev  1 [2]
Login
Message << Older Topic   Newer Topic >>
RE: ISA server limits - 13.Aug.2008 5:12:15 PM   
remushociota

 

Posts: 64
Joined: 12.Apr.2004
Status: offline
Strictly going by the book price and we all know how much decission making person like the price argument :) the license cost is also something you might consider... I mean if you have to pay for EE license taken from Ms website you're dead :) 6000$ per processor... vs 1500.

(in reply to Jason Jones)
Post #: 21
RE: ISA server limits - 15.Aug.2008 8:49:43 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Jason,

A top end dual core Xeon box with 4GB of fast RAM and fast disks, plus configuration according to the best performance guidelines, can easily take care of 1500 users on a 20Mbps Internet connection when using SE.

I use EE only when NLB is required, or when I can determine that CARP is actually providing the organization some value, or if they have a distributed setup.

Thanks!
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to Jason Jones)
Post #: 22
RE: ISA server limits - 15.Aug.2008 8:54:50 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Also, there's no reason why you can't use two or three SE ISA firewalls and use DNS round robin to distribute the load among the ISA firewalls.

HTH,
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to tshinder)
Post #: 23
RE: ISA server limits - 15.Aug.2008 9:04:53 AM   
Jason Jones

 

Posts: 4663
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
quote:

ORIGINAL: tshinder

Hi Jason,

A top end dual core Xeon box with 4GB of fast RAM and fast disks, plus configuration according to the best performance guidelines, can easily take care of 1500 users on a 20Mbps Internet connection when using SE.

I use EE only when NLB is required, or when I can determine that CARP is actually providing the organization some value, or if they have a distributed setup.

Thanks!
Tom


Yeah, I find most of our Enterprise customers now want HA and centralised management so EE is becoming more the de facto standard for us, either using standard server hardware or the Celestix enterprise units...

_____________________________

Jason Jones | Forefront MVP | Silversands Ltd
My Blogs: http://blog.msedge.org.uk/ and http://blog.msfirewall.org.uk/

(in reply to tshinder)
Post #: 24
RE: ISA server limits - 15.Aug.2008 9:06:18 AM   
Jason Jones

 

Posts: 4663
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
quote:

ORIGINAL: tshinder

Also, there's no reason why you can't use two or three SE ISA firewalls and use DNS round robin to distribute the load among the ISA firewalls.

HTH,
Tom


Now sure how effective this would be with SSL based applications due to the lack of affinity with DNS RR...

_____________________________

Jason Jones | Forefront MVP | Silversands Ltd
My Blogs: http://blog.msedge.org.uk/ and http://blog.msfirewall.org.uk/

(in reply to tshinder)
Post #: 25
RE: ISA server limits - 15.Aug.2008 9:09:26 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Jason,

From how I understand how DNS RR works, the machine receives a list of names and then uses the name on top, unless the cached DNS record expires, and it requests name resolution again for the array. So, clients would be randomly assigned to a firewall for the period of time that the DNS record stays in the client cache. Then it may be assigned to another firewall when the name of the ISA firewall needs to be resolved again. So, there's no switching between firewalls during the course of a single session.

Do you understand DNS RR working differently?

Thanks!
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to Jason Jones)
Post #: 26
RE: ISA server limits - 15.Aug.2008 9:30:55 AM   
Jason Jones

 

Posts: 4663
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
But what happens if you are midway through a session on an external SSL website and the cache expires?

Maybe I just dislike DNS RR

< Message edited by Jason Jones -- 15.Aug.2008 9:32:47 AM >


_____________________________

Jason Jones | Forefront MVP | Silversands Ltd
My Blogs: http://blog.msedge.org.uk/ and http://blog.msfirewall.org.uk/

(in reply to tshinder)
Post #: 27
RE: ISA server limits - 16.Aug.2008 9:20:55 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Set a long TTL on the record!

Don't hate the player, hate the game!

Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to Jason Jones)
Post #: 28

Page:   <<   < prev  1 [2] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 General] >> General >> RE: ISA server limits Page: <<   < prev  1 [2]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts