• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Curious about IAG SP2 new feature

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [IAG 2007] >> General >> Curious about IAG SP2 new feature Page: [1]
Login
Message << Older Topic   Newer Topic >>
Curious about IAG SP2 new feature - 2.Jun.2009 2:02:36 PM   
PDfrsn

 

Posts: 10
Joined: 2.Jun.2009
Status: offline
The text describing IAG SP2 new features states that it is now possible to "publish applications to users located on corporate networks with IAG SP2" (see http://technet.microsoft.com/en-us/library/dd278123.aspx).

Does this mean that applications can be published on the internet network interface AND on the internal network interface on the same IAG server?

The description of the feature seems straightforward but I am not sure I understand the full implications.

Thanks for any light you might bring to this.
Post #: 1
RE: Curious about IAG SP2 new feature - 2.Jun.2009 8:12:37 PM   
Jason Jones

 

Posts: 4663
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
SP2 supports the use on Windows Integrated authentication combined with KCD. This allows for a datacenter deployment of IAG where internal clients access applications via IAG too.

Due to support for Windows integrated, users are able to access applications transparently even though IAG is doing pre-authentication and delegation.

This is a good example:

http://www.iagserver.org/default.aspx?ctype=Articles&id=A00000019&name=How-to-configure-transparent-(Kerberos)-Integrated-Windows-Authentication-(IWA)-in-IAG-SP2-as-Internal-Authentication-Gateway

Cheers

JJ

_____________________________

Jason Jones | Forefront MVP | Silversands Ltd
My Blogs: http://blog.msedge.org.uk/ and http://blog.msfirewall.org.uk/

(in reply to PDfrsn)
Post #: 2
RE: Curious about IAG SP2 new feature - 3.Jun.2009 9:58:19 AM   
PDfrsn

 

Posts: 10
Joined: 2.Jun.2009
Status: offline
Thanks for the info.

I already have an IAG server connected to the Internet acting as a VPN/SSL server.  The description of the new feature seems to imply that I could use the same server to publish internal applications to internal users.

This is where I am not sure because I used to think that IIS (on the IAG server) could only "listen" on the external network interface (facing the Internet) so that it cannot be used to serve requests from the extarnal AND internal network at the same time.

thanks

(in reply to Jason Jones)
Post #: 3
RE: Curious about IAG SP2 new feature - 3.Jun.2009 10:07:12 AM   
Jason Jones

 

Posts: 4663
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
I have not use IAG for both at the same time, so not sure, sorry!

I imagine that the data center deployment model would have the external interface facing the client and the internal interface facing the servers in the data centre.

I will try and find out if it can provide both at the same time....will be in touch...

Cheers

JJ

_____________________________

Jason Jones | Forefront MVP | Silversands Ltd
My Blogs: http://blog.msedge.org.uk/ and http://blog.msfirewall.org.uk/

(in reply to PDfrsn)
Post #: 4
RE: Curious about IAG SP2 new feature - 5.Jun.2009 8:58:23 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Jason,

That's my impression too. The IAG is in front of the datacenter, which is different than the ISA scenario where you're using a split DNS to allow internal hosts access via the ISA firewall to internal resources.

What I don't understand about the datacenter sceanrio is if the DC is segmented away from the clients and located behind the IAG, how do the clients log on?

Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to Jason Jones)
Post #: 5
RE: Curious about IAG SP2 new feature - 9.Jun.2009 4:59:02 PM   
mylo

 

Posts: 144
Joined: 26.Mar.2002
Status: offline
Jason/Tom,

Isn't that what the SPN is for in the iagserver.org article assuming that you are using split DNS so the request will rebound off the internal interface and the newly created (internal) trunk?

I'm not sure how this would work if you don't have a split DNS. I'm curious as I don't ..... so there's room for testing there.

Regards,
Mylo

(in reply to tshinder)
Post #: 6
RE: Curious about IAG SP2 new feature - 11.Jun.2009 9:59:48 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Indeed. I'm hoping to have a chance to test this in the near future, as I'll have a vacation coming soon where I can do all this!

Thanks!
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to mylo)
Post #: 7
RE: Curious about IAG SP2 new feature - 11.Jun.2009 10:19:26 AM   
Jason Jones

 

Posts: 4663
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
Shouldn't you be taking Debbie somewhere a little nicer/exotic than you lab!

_____________________________

Jason Jones | Forefront MVP | Silversands Ltd
My Blogs: http://blog.msedge.org.uk/ and http://blog.msfirewall.org.uk/

(in reply to tshinder)
Post #: 8
RE: Curious about IAG SP2 new feature - 12.Jun.2009 9:18:54 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Ha! Vacations are for kids. Old folks need to spend their vacations sharpening their minds, or else senility will set in!

Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to Jason Jones)
Post #: 9
RE: Curious about IAG SP2 new feature - 12.Jun.2009 9:34:06 AM   
Jason Jones

 

Posts: 4663
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
quote:

ORIGINAL: tshinder

Ha! Vacations are for kids. Old folks need to spend their vacations sharpening their minds, or else senility will set in!

Tom




_____________________________

Jason Jones | Forefront MVP | Silversands Ltd
My Blogs: http://blog.msedge.org.uk/ and http://blog.msfirewall.org.uk/

(in reply to tshinder)
Post #: 10

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [IAG 2007] >> General >> Curious about IAG SP2 new feature Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts