In this "Configure ISA 2006 Enterprise Edition in an Enterprise Array" article series I will walk you through this process. In Part 1 of the series we will collate information and prepare a detailed pre-installation checklist to ensure a smooth installation. This will also give us good insight into how all the various nuts and bolts fit together.

Design: As you read further in this article series you will also see the high level of resilience built into this design, i.e. we will have multiple online Configuration Storage servers for fail back. We will also have more than one ISA server for high availability using a virtual IP address, and this does NOT involve any special hardware (load balancers).

Before I go any further: I read this some time back, not sure when and where, but I must share it right now anyway. :)

The law of 7 P's
==================================
Prior Proper Planning Prevents Piss Poor Performance
==================================

Scenario: For this scenario, the assumption is that both CS servers and both ISA servers are members of the same domain, i.e. lab.com.

Note: Ensure the servers meet the minimum hardware requirements recommended by Microsoft.

64 BIT Support: ISA 2006 cannot be installed on 64 bit versions of Windows 2003.

Hardware: The servers I have used for this lab are listed below.
Note: You don't necessarily need this many servers, and you can use existing servers for ADAM as well, but for the article series I have used individual servers simply for your benefit.

1. DC + DNS.
2. CS1 (Configuration Storage Server [ADAM] )
3. CS2 (Configuration Storage Server [ADAM] )
4. ISA01 ( ISA 2006 running ISA Server services ) * 3 NIC's
5. ISA02 ( ISA 2006 running ISA Server services ) * 3 NIC's

Microsoft Windows Update: All the above servers have been installed with the latest Service Pack, i.e. SP2, plus all recommended updates.

DNS: Ensure DNS resolution is configured and is working on the network for internal & external lookups. This is where things can become very confusing for many so here is a link from Microsoft to help you clear some doubts.

DNS servers in most cases should be configured on the internal network adapter and should point to an internal DNS server. Confirm that name resolution is working properly. Depending on your configuration, you might have to create an access rule to allow DNS queries from the Internal network. I will show you how to achieve this in this article series.

Network: Ensure the network is configured properly and all routing issues are resolved beforehand. If multiple subnets are involved with VLANs or routers, then ensure they are reachable. If static routes need to be added to the ISA servers, this needs to be done prior to the installation of the ISA services. Routes can be edited later, but if problems appear due to routing at the time of the installation then you will end up in a tight spot and troubleshooting will become very difficult.

Placement of services: Microsoft allows users to install ISA services and CS on the same server, and this is supported by Microsoft but not recommended. Due to the importance of the Configuration Storage server (CS) to an ISA Server 2006 EE deployment, Microsoft recommends that the CS and array members be installed on separate servers in a production environment.

If the Configuration Storage server (CS) is installed on a DC, then additional configuration steps are required due to the complications of the services running on a DC. If I get a chance I will try to cover this in Part 2 of this series when I discuss the CS install and configuration.

The CS servers store the configuration information for all of the arrays in the enterprise. The CS servers use ADAM for storage. The array members (ISA servers) store their configuration in their local registry.

When configuration changes are made in an enterprise array, the changes are made in the Configuration Storage server (CS).

All members in the array contact the CS servers for configuration changes. If changes are discovered, each ISA member updates its local registry accordingly.

Also ensure you have a documented plan of all IP addresses which will be required in the coming articles.

Fully qualified domain name (FQDN): LAB.COM

DC1: Domain Controller

| Property | Value | Property | Value |
| --- | --- | --- | --- |
| IP address | 192.168.1.200 | Subnet mask | 255.255.255.0 |
| Default gateway | 192.168.1.254 | DNS | 192.168.1.200 |


CS1: Configuration Storage Server

| Property | Value | Property | Value |
| --- | --- | --- | --- |
| IP address | 192.168.1.201 | Subnet mask | 255.255.255.0 |
| Default gateway | 192.168.1.254 | DNS | 192.168.1.200 |


CS2: Configuration Storage Server

| Property | Value | Property | Value |
| --- | --- | --- | --- |
| IP address | 192.168.1.202 | Subnet mask | 255.255.255.0 |
| Default gateway | 192.168.1.254 | DNS | 192.168.1.200 |


Note: Make sure DNS settings are configured properly, because the CS servers need to be able to resolve the FQDNs of all of the array members.

ISA01: ISA Server Array Members (ISA Server Firewall servers)

External Network Adapter

| Property | Value | Property | Value |
| --- | --- | --- | --- |
| IP address | 172.16.7.203 | Subnet mask | 255.255.0.0 |
| Default gateway | 172.16.7.1 | Not applicable | Not applicable |
| Preferred DNS server | Not applicable | Alternate DNS server | Not applicable |


Internal Network Adapter

| Property | Value | Property | Value |
| --- | --- | --- | --- |
| IP address | 192.168.1.1 | Subnet mask | 255.255.255.0 |
| Default gateway | Not applicable | Not applicable | Not applicable |
| Preferred DNS server | 192.168.1.200 | Alternate DNS server | Not applicable |


Internal Network (2) (Intra-Array Network)

| Property | Value | Property | Value |
| --- | --- | --- | --- |
| IP address | 10.10.10.1 | Subnet mask | 255.0.0.0 |
| Default gateway | Not applicable | Not applicable | Not applicable |
| Preferred DNS server | Not applicable | Alternate DNS server | Not applicable |


ISA02: ISA Server Array Members (ISA Server Firewall servers)

External Network Adapter

| Property | Value | Property | Value |
| --- | --- | --- | --- |
| IP address | 172.16.7.204 | Subnet mask | 255.255.0.0 |
| Default gateway | 172.16.7.1 | Not applicable | Not applicable |
| Preferred DNS server | Not applicable | Alternate DNS server | Not applicable |

Internal Network Adapter

| Property | Value | Property | Value |
| --- | --- | --- | --- |
| IP address | 192.168.1.2 | Subnet mask | 255.255.255.0 |
| Default gateway | Not applicable | Not applicable | Not applicable |
| Preferred DNS server | 192.168.1.200 | Alternate DNS server | Not applicable |



Internal Network (2) (Intra-Array Network)

| Property | Value | Property | Value |
| --- | --- | --- | --- |
| IP address | 10.10.10.2 | Subnet mask | 255.0.0.0 |
| Default gateway | Not applicable | Not applicable | Not applicable |
| Preferred DNS server | Not applicable | Alternate DNS server | Not applicable |

Internal Network Load Balance (NLB between ISA array members)

| Property | Value | Property | Value |
| --- | --- | --- | --- |
| IP address | 192.168.1.254 | Subnet mask | 255.255.255.0 |



External Network Load Balance (NLB between ISA array members)

| Property | Value | Property | Value |
| --- | --- | --- | --- |
| IP address | 172.16.7.254 | Subnet mask | 255.255.0.0 |
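
The addressing plan above can be checked for consistency before any server is built. The following Python script is an added example, not part of the original article: it flags duplicate addresses, off-subnet gateways, multihomed ISA servers with more or fewer than one default gateway, DNS set on a non-internal adapter, overlapping adapter subnets, and NLB virtual IPs that do not sit on the matching adapter subnet. The tuple layout, the adapter label "LAN" and the function names are assumptions; the addresses are transcribed from the tables.

```python
import ipaddress
from collections import Counter, defaultdict
# Plan transcribed from the tables above: (host, adapter, ip, mask, gateway, dns).
# None stands for "Not applicable"; the adapter label "LAN" is an assumed name.
PLAN = [
    ("DC1", "LAN", "192.168.1.200", "255.255.255.0", "192.168.1.254", "192.168.1.200"),
    ("CS1", "LAN", "192.168.1.201", "255.255.255.0", "192.168.1.254", "192.168.1.200"),
    ("CS2", "LAN", "192.168.1.202", "255.255.255.0", "192.168.1.254", "192.168.1.200"),
    ("ISA01", "External", "172.16.7.203", "255.255.0.0", "172.16.7.1", None),
    ("ISA01", "Internal", "192.168.1.1", "255.255.255.0", None, "192.168.1.200"),
    ("ISA01", "Intra-Array", "10.10.10.1", "255.0.0.0", None, None),
    ("ISA02", "External", "172.16.7.204", "255.255.0.0", "172.16.7.1", None),
    ("ISA02", "Internal", "192.168.1.2", "255.255.255.0", None, "192.168.1.200"),
    ("ISA02", "Intra-Array", "10.10.10.2", "255.0.0.0", None, None),
]
# NLB virtual IPs: (adapter they are bound to, ip, mask).
VIPS = [("Internal", "192.168.1.254", "255.255.255.0"),
        ("External", "172.16.7.254", "255.255.0.0")]

def subnet(ip, mask):
    return ipaddress.ip_interface(f"{ip}/{mask}").network

def check_plan(plan, vips):
    """Return a list of problems found in the plan (empty list = consistent)."""
    problems = []
    used = Counter([row[2] for row in plan] + [vip[1] for vip in vips])
    problems += [f"address {ip} assigned {n} times" for ip, n in used.items() if n > 1]
    hosts = defaultdict(list)
    for host, adapter, ip, mask, gw, dns in plan:
        hosts[host].append((adapter, subnet(ip, mask), gw, dns))
        if gw and ipaddress.ip_address(gw) not in subnet(ip, mask):
            problems.append(f"{host}/{adapter}: gateway {gw} is off-subnet")
    for host, nics in hosts.items():
        if len(nics) == 1:
            continue  # single-homed server, nothing more to check
        # Multihomed array member: one default gateway only, DNS on Internal only.
        if sum(1 for _, _, gw, _ in nics if gw) != 1:
            problems.append(f"{host}: expected exactly one default gateway")
        problems += [f"{host}/{a}: DNS set on a non-internal adapter"
                     for a, _, _, dns in nics if dns and a != "Internal"]
        for i, (a1, n1, _, _) in enumerate(nics):
            problems += [f"{host}: {a1} and {a2} subnets overlap"
                         for a2, n2, _, _ in nics[i + 1:] if n1.overlaps(n2)]
        # Each NLB virtual IP must sit in the subnet of the adapter it is bound to.
        for vadapter, vip, vmask in vips:
            if subnet(vip, vmask) not in [n for a, n, _, _ in nics if a == vadapter]:
                problems.append(f"{host}: VIP {vip} not on the {vadapter} subnet")
    return problems

print(check_plan(PLAN, VIPS) or "plan is consistent")
```
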


Let's go ahead and see how all the bits now fit together, and also how this initial information will come in handy as we go along.

In the coming parts of the series you will see how we can configure CS services and ISA services.

Pitfalls: Once you have completed installing the CS and ISA servers you will notice that connections to the Configuration Storage servers are lost intermittently. Please read this article from Microsoft, “Receive Side Scaling”, on Windows 2003 SP2. I will try to post some screenshots in Part 4.