Sounds like a good plan you have. I haven't run RainWall/RainConnect on the DL320's, but I don't expect there to be a problem. If you do run into an issue, the most likely reason will be due to the system hardening. That will help the Rainfinity support folks know where to start. Other than that, I see no problems with running Rainwall/Rainconnect on the DL320s.
A few months back I read a review you posted (I think it was you) about the HP DL320 ISA appliance, and as we are getting ready to retire our existing ISA 2000 box in favor of an appliance, I thought I would revisit the article to confirm that this is a well-regarded solution. However, try as I might I can't find that article anymore - have you pulled the review of the HP solution? If so, is there something scary about it that I should look to avoid? My plan was to purchase the HP appliance and then install RainConnect on it to load balance across our multiple ISP connection.
On a similar note, I see that there is a review of the HP appliance and a few others at the WindowsIT pro site, but as I'm not a member I can't access the review. Did the HP stack up well in that roundup, or did another option seem to be a clear winner? We are looking to spend around $4K for the appliance if that helps put that question in perspective.
This is my first post on this site, although I have used ISAServer.org as a reference for years. Any feedback you could provide would be greatly appreciated. Thanks!
I don't know what happened to that reivew. I see references to it on Google, but they all point to dead links. I'll see what I can find out.
The HP box did well, if you're into the pure ISA firewall experience. The Network Engines was a good selection for those who want the look and feel of a traditional hardware firewall, since you'll see almost no trace of Windows in the management experience.
Thanks for the response Tom - I'll be on the lookout for that review, in case it turns up somewhere. In the meantime, since we're pretty familiar with (and happy with) ISA Server thus far, I think we're going to go ahead with the HP appliance. Again, I appreciate the feedback, not to mention all the awesome ISA articles you've contributed over the years - they've been a HUGE help to us.
First thx for a great article and a great forum (to all you ISA people out there)
I've just got one question this time
If I look at the configuration, there is only one Hard drive in "sata 80 GB". I've asked HP if it was posible to buy it with a raid 1 and either two sata or scsi hotswap drives in and they told me no. In my exsperience HD's always go on strike at some point , so I like to have at least a raid 1 with hot swap in and this HP server don't offer that. Ain't it better to have at least a raid 1 with hotswap in the firewall in case the Hard drive deside to go on strike?
He He and he is my question two (Though I did only have one): Is there some servers you (the isa people on this board) prefer. Server there perform better than others etc?
I have had a DL320 in production for almost 4 months. Although I have not looked at other ISA FW appliances I have been very happy with both ISA and the DL320. I do have a couple of gripes.
1. While the server comes with SATA RAID on board it is not possible to use it with HP's image. I contacted HP to verify that I was correct and they confirmed. (I don't see why they do not offer 2 restore disks. One to use with HW RAID and one for single disk). Right now I am using Software RAID 1.
2. Virus Throttle. Out of the box the Virus Throttle is practically useless. It works fine if there are only ~10 connections on your network but as users increase it brings your internet connection to it's knees (Session timeouts slow / non existant browsing. Don't even try CNN). I spent weeks trying to figure out why our internet connection was so slow. I even built a white box ISA 2004 and tested it. When it outperformed the DL320 I was peeved. Then I turned off the Virus Throttle and everything is great. In concept the VT sounds like a great idea but the documentation on how to properly configure it is sorely lacking.
Tom, do you have any config recommendations for the VT?
I ordered ours DL320 from CDW. It was on BO when we placed the order. It took about two weeks for it to be deliverd.
We have installed 2 of these boxes into our infrastructure.
We bought extra sata drives for these servers. We did not relise the problems with adding another SATA drive and configuring raid through the motherboard/raid setup.
HP do tell you that their restore disks do NOT support SATA raid However we managed to work out quite an easy procedure for migrating the HP restore disks to a raid setup. You can even upgrade your existing installation.
I am in the proccess of creating a document for this install. If anyone is interested I will post the info here.
Guthrie Wernham Systems Administrator Aberdeenshire Council
Firewall Admin : Nokia Checkpoint, ISA 2000, ISA 2004
From: Sydney, Australia
I have a HP Proliant DL320 G3 with ISA pre-installed. Everything is running fine and the ISA Configuration Backup is OK except that when I restore the configuration, it gives me the error message "Error: 0xc004038f, The MSDE feature is currently not installed. To install MSDE, in the Add/Remove Programs applet, select Microsoft ISA 2004 and click change. Then in Microsoft ISA 2004 installation wizard, use the Modify option to add MSDE to the installation.". Then when I follow the instruction from the error message above, it asks me to "put the command line for the uninstallation program" which I am not sure what to put.
Hello. Is it possible, with the isa-in-a-box, to load a 3rd-party agent? I'm thinking in particular of APC Powerchute 7.04 agent, to allow the DL320ISA to be shut down gracefully. Also I want to install a 2nd Serial ATA to mirror the boot disk. Is this a good idea or should I go for 2 x SCSI and a software raid1? Many thanks, Derek
Sorry for not getting back to you earlier. We managed to build two servers using our process. I did not get a chance to create a document for this process. I was forced to put both servers into a live environment. Both servers now act as a firewall protecting our network from our ISDN and PSTN dialup lines. I work in a very busy IT department, so resources are always in short supply. I had meant to re-stream one of the servers and document this process properly. I should be able to talk you through the process. Generally what you need to do is the following : Make sure you are starting off with a re-streamed product. If you have configured any raid options make sure you delete any raid settings and reset the hardware (from the restore CD). Once re-streamed startup the server and go through the standard configuring options. Once you get through all the network and ISA configuration screens and into the OS you need to add two new drivers. They are : Adaptec AHCI Serial ATA HostRAID Adaptec Processor Device (Pseudo) Since you are adding these drivers without the devices being enabled you will have to add them is a different way. I have found the document that I started.
Steps to configure ISA servers (MRM) to use SATA Raid
Unzip ‘Adpahci.1.0.414.0-3842-Windows2000_2003.i686.zip’ to a floppy disk
Initialise Hardware (F1) if not new hardware Restore Software (F2) if not new software Press C Press A Server will reboot Login Go through Windows Setup Wizard. Answer question as required. After this the server reboots. Login Server reboots after doing some initiations tasks Login Control Panel > Add Hardware Add new hardware device, manually select (advanced) SCSI/RAID Have disk Load both drivers.'Adaptec AHCI Serial ATA HostRAID and Adaptec Processor Device (Pseudo)'
Reboot server. When rebooted the server should display errors starting services. Login and shutdown. Press F10 on startup Go into Setup, Advanced Options, SATA software raid, Enable Press escape twice, and press F10. Server reboots. When server is rebooting press (Ctrl A) at the raid bios. Go into Array Config Configure Drives Insert x 2 drives.
This is as far as I got with the document I think once you have added both drives to the raid, then you choose to prepare the raid using the first disk as the disk to copy from. I have attached the drivers that I used. Once you have done all this you can install the 'HP Storage Manager' to veiw and configure the raid. (hpsm_win_3.10.00-4242_x86.zip). I can send this to you, but you can download it from HP
Have a go. If you have any problems don't hesitate to contact me. Again sorry for the late reply. Kind regards
I looked at them (Network Engines) this morning and to get the Raid you have to go with their NS8200 model that costs $9500.00 for the box plus the $595.00/year support. That put it way out of the range for my clients needs.
I can get a Dell server with Raid and install ISA 2004 myself for about 1/2 the cost of the NS8200.
Do you know if the HP has a Raid option out of the box? I know that you can get the 320 with Raid as a server.
I read your report on the DL320 and I see what you mean about not giving them that last 1/2 star. They have a page on their web site on the package, but no part numbers and their link to order it on-line appears to be a link to the DL320 server only.
Is the only real advantage to using a hardware appliance the setup time it saves you?
If you had $5000.00 to spend for the hardware(with Raid-1)/software, which way would you go?
Kelly Hale, MCP ICS Systems, Inc. firstname.lastname@example.org