Re: SBS 2003 ISA and hardware firewall
- From: "Tony Vrolyk" <tvrolyk at mlhg dot net>
- Date: Wed, 24 Aug 2005 08:34:12 -0500
Thanks again. All great info.
Is TS best put on a box by itself? Besides WSUS, other functions I would like
to have on a separate box include BlackBerry Enterprise Server, secondary
file server, print server, all with its own tape backup so there would be
NTBackup running at night.
Tony
"Les Connor [SBS Community Member - SBS MVP]" <les.connor@xxxxxxxxxxxx>
wrote in message news:eu2eBpOpFHA.1044@xxxxxxxxxxxxxxxxxxxxxxx
> Hi Tony,
>
> The SBS cannot provide the TS Apps mode role, it's restricted to TS
> administrative mode only. Your member server will make an ideal TS apps
> mode server, and it can be accessed both locally (RDP), and remotely via
> Remote Web Workplace.
>
> SUS (probably, you should look at WSUS instead), should not go on a TS
> Apps mode server, but it will go on your SBS no problem.
>
> --
> Les Connor [SBS Community Member - SBS MVP]
> -----------------------------------------------------------
> SBS Rocks !
>
>
> "Tony Vrolyk" <tvrolyk at mlhg dot net> wrote in message
> news:%23%23Hw%23GMpFHA.1444@xxxxxxxxxxxxxxxxxxxxxxx
>> Sorry for the delayed response and thanks to Edward for the email
>> reminder.
>>
>> This answers my questions perfectly. I am happy that they don't need a
>> proxy client installed but disappointed that my relay server will be
>> lounging on the couch. I like the idea of spreading around the
>> functions - especially in a couple years as the server ages and more is
>> demanded of it. By that time it might be nice to have some functions
>> handled by other hardware.
>>
>> Now another thought. This installation will be an upgrade from our
>> current SBS 2000 installation (both hardware and OS). The old server will
>> be upgraded to Win2003 Server, become a member server and take on various
>> functions like secondary file server, print server and probably an SUS
>> server. Can it also be a TS server from behind ISA?
>>
>> I would think that asking the SBS server to also be TS in application
>> mode for a fair number of users might be too much - or at least the load
>> could be mitigated by using another box. So is it possible to have a TS
>> server behind ISA?
>>
>> Thanks again,
>> I will check back sooner this time
>> Tony
>>
>>
>>
>> "DesertTroll" <DesertTroll@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
>> news:6A7DAD1F-4F5D-4CFA-889A-34472A9B7143@xxxxxxxxxxxxxxxx
>>> Wuzzup Tony,
>>>
>>> 1. If I use ISA does it not become the firewall? Answer: You won't be able
>>> to install ISA without 2 NICs. It will act as a firewall by filtering traffic
>>> between the external and internal NIC. Do I need the hardware one? Answer:
>>> Nope.
>>> Do I keep it just for an added layer of protection? Answer: No, ISA is
>>> virtually impenetrable when configured correctly. Keep the unnecessary
>>> complexity to a minimum.
>>>
>>> 2. If the server goes down doesn't the internet go down with it since all
>>> clients are going through ISA? Answer: Like a ton of bricks. SBS's ISA is
>>> the standard version so you can't configure it in an array with other ISA
>>> servers for fault tolerance. Put the OS in a RAID1 hardware configuration and
>>> hope for the best.
>>>
>>> 3. Do the clients need a proxy client installed? Answer: "Need", no. You can
>>> have them use the SBS server with ISA as the default gateway and avoid the
>>> proxy configuration. If so how do you deal with laptop users who need to
>>> reconfigure when out of the office? Answer: Answered by part one.
>>>
>>> 4. I was thinking of keeping the email relay and install email anti-virus
>>> and anti-spam to prevent at least some of that from even touching the SBS
>>> server (reduced load) but if it is behind ISA is there a way for it to still
>>> be an email relay while also performing some internal functions (print
>>> server, secondary file server, etc)? I am guessing not
>>> Answer: If you place ISA on the perimeter of the network as the physical
>>> touch point for the internet, ISA will answer the door and block or allow the
>>> spam and virus brigade while your former relay server lays on the couch and
>>> peeks over the remote intently. If you are going to use ISA I recommend
>>> buying Exchange-aware anti-virus for Exchange 2003 and downloading the
>>> Exchange Intelligent Message Filter from
>>> http://www.microsoft.com/exchange/downloads/2003/imf/default.mspx. A "Gateway
>>> Configuration" SCL rating of 8 and a "Junk Configuration" SCL rating of 5
>>> should keep you from swatting spam out of your face all day. Quite
>>> disgusting.
>>>
>>> 5. Does ISA impact overall server performance significantly? (50-60 users)
>>> Answer: Not anything significantly noticeable for me, but you may want more
>>> opinions.
>>> What happens when someone starts downloading a big file? Packet filtering
>>> does slow things down a bit, but enabling ISA's caching feature more than makes
>>> up for it. Just leave a good amount of disk space for the cache. 1GB should
>>> be great. Load the server up with at least 1GB of memory and you'll be
>>> whistling right along.
>>>
>>> This is my second time typing this response so I hope this helps. IE flipped
>>> me the bird when I clicked "post".
>>>
>>> Peace
>>>
>>> "Tony Vrolyk" wrote:
>>>
>>>> We will be migrating to SBS 2003 from SBS 2000 and have some questions about
>>>> ISA.
>>>>
>>>> Our current server has a single NIC and we are using a hardware firewall
>>>> (SonicWall TZ 170 Unlimited). As such workstations need no proxy installed
>>>> and just point to the firewall as the default gateway. Also we have a small
>>>> server acting as an internal email relay (incoming only) for two different
>>>> email servers (one SBS 2000 one Novell GroupWise). Given that here are my
>>>> questions.
>>>>
>>>> 1. If I use ISA does it not become the firewall? Do I need the hardware one?
>>>> Do I keep it just for an added layer of protection?
>>>> 2. If the server goes down doesn't the internet go down with it since all
>>>> clients are going through ISA?
>>>> 3. Do the clients need a proxy client installed? If so how do you deal with
>>>> laptop users who need to reconfigure when out of the office?
>>>> 4. I was thinking of keeping the email relay and install email anti-virus
>>>> and anti-spam to prevent at least some of that from even touching the SBS
>>>> server (reduced load) but if it is behind ISA is there a way for it to still
>>>> be an email relay while also performing some internal functions (print
>>>> server, secondary file server, etc)? I am guessing not
>>>> 5. Does ISA impact overall server performance significantly? (50-60 users)
>>>> What happens when someone starts downloading a big file?
>>>>
>>>>
>>>> My layout would presumably be this
>>>>
>>>> ( internet )
>>>> |
>>>> [HW firewall (4 port) ]
>>>> | \ \ \
>>>> [ SBS2003 ] [public ports for guests]
>>>> |
>>>> [ various switches ]
>>>> | \
>>>> [Clients] [former email relay now a member server]
>>>>
>>>> Any help would be appreciated. Just trying to get my duck in a row before we
>>>> embark on this project
>>>> Tony
>>>>
>>>>
>>>>
>>
>>
>
>