Re: Installation of ISA Server 2006 Problems
- From: "ZVR" <no_spam_ever@xxxxxx>
- Date: Tue, 29 Aug 2006 11:22:52 -0400
Let's look at the list whose URL you published. Here are features found
in
standard edition of Windows 2003 that really have no particular value for
a
proxy server:
[long list removed]
While I agree with your comment, we weren't debating that, rather your
previous statements (feel free to re-read your previous post):
[start quote]
Come on, the Web Edition of Windows 2003 is intended to be an application
server. It clearly is not very stripped down.
[end quote]
Those statements were incorrect and you know it. If you want to fine tune
them now, and to draw an artificial line based on that list as to what
constitutes an "application server" and what not, that's your own business.
Fact of the matter is, Web Edition does NOT qualify for the the vast
majority of what most of us consider to be an "application server".
Of all of the features, I found only two that would have value for *some*
enterprise implementations of ISA Server, and even then only if they need
a
lot of additional processing on the ISA Server:
4-way SMP
Support for 4 GB of RAM
Define "a lot of additional processing". Believe me, depending on the amount
of traffic that goes through your ISA, and it's nature, 2 Gb can be very
little, especially if you use MSDE logging - which is one of the main
selling points of ISA2004 compared to ISA2000.
Also if you host commercial sites or a high-traffic OWA site and you use SSL
bridging to decrypt and inspect SSL traffic as it passes through ISA
(another key feature of ISA), you can run into CPU bottlenecks pretty easy.
Bottomline if you're discussing about low-demand environments, small
businesses etc, there is already a (cheap) solution from MS - the Small
Business Server offering. Now on the other hand if you want enterprise-grade
performance and no limitations, you better start counting your coin.
A firewall is for all of its complexity not
much more than an intelligent network I/O application. There are mostly
table lookups and lots of copying of packets from one network interface to
another. It is not a CPU intensive application.
Again... incorrect, in ISA's case. Let me give you a (brief) list of
widely-used features in ISA that are resource-intensive. (I'm not saying
that's a good thing, just that's how it is... if you don't like it, feel
free to replace ISA with iptables or a Linksys router.)
Here we go:
- MSDE logging (memory, disk, CPU)
- web publishing using SSL bridging (CPU)
- application filters (CPU, memory)
- VPN connections (CPU)
- web proxying (disk, and memory... lots of memory! depending on how many
clients you have)
But a small company, running a basic firewall
configuration, doesn't need that additional CPU or memory.
Correct. Again, you have SBS, and you have the $45 Linksys box for the small
company.
The fact that firewalls are not normally CPU intensive accounts for why
there are many successful Checkpoint implementations running today on 200
MHz CPUs. We have such a firewall, running 12 network interfaces with
low
amounts of traffic at 10/100 speeds in a DMZ, with 256 MB of memory under
Windows, and it works very fast. I've never seen physical memory
exhausted on that box once.
If you're so happy with the Checkpoint, why don't you install one of those
at this particular site? Oh, I forgot, it costs too much... yet you complain
about a $400 price differential (or less) to go from Web Edition to
Standard. You know, referring to a configuration that costs 5 times as much
is hardly the way to support the argument that ISA should allow you to save
a measly 500 bucks by running on Web Edition.
And by the way... just out of pure curiosity... does Checkpoint support
running their software on Web Edition??
Even accounting for all of the bloatware in Windows 2003, I'm pretty sure
Microsoft can pull off a basic firewall in 2 GB of memory and with two
processors, and they would probably be able to service 50% of the small
company market with that product.
They already have a product for that market - SBS. A very successful one, I
might add.
Well, believe it or not, there are small companies out there with all of
the
above listed applications running just fine on Windows 2000.
Last time I checked none of the Windows 2000 server editions had those
limitations (2-way SMP and 2 Gb of RAM).
To be honest, ISA Server 2004 on Windows 2000 works.
Not everything. IPSEC pass-through traffic and some other things supported
by the (less capable) RRAS in Windows 2000 don't. Other than that, yes
ISA2004 works fine on Windows 2000. Again this does not prove your point -
there was no 'Web Edition' equivalent in the Windows 2000 Server lineup.
I guess we could
stick with that for a very long time. We had just purchased a lot of
the
Web Edition of Windows 2003, and I was hoping to get some leverage out of
money we already spent. The upgrade to ISA Server 2006 was just an
impulse buy, and I guess I can postpone that impulse.
Well it doesn't matter... none of the ISA versions will run on Web Edition
anyway so if you need to buy ISA, you might as well buy 2006.
Virgil
.
- Follow-Ups:
- Re: Installation of ISA Server 2006 Problems
- From: Will
- Re: Installation of ISA Server 2006 Problems
- References:
- Installation of ISA Server 2006 Problems
- From: Will
- Re: Installation of ISA Server 2006 Problems
- From: Will
- Re: Installation of ISA Server 2006 Problems
- From: ZVR
- Re: Installation of ISA Server 2006 Problems
- From: Will
- Installation of ISA Server 2006 Problems
- Prev by Date: ICA and RDP unusable
- Next by Date: Re: Installation of ISA Server 2006 Problems
- Previous by thread: Re: Installation of ISA Server 2006 Problems
- Next by thread: Re: Installation of ISA Server 2006 Problems
- Index(es):
Relevant Pages
|
|
