IT Knowledgebase - http://www.ahmedgroup.co.uk
Step by Step Guide Installing ISA 2006 Enterprise Edition Part 1
http://www.ahmedgroup.co.uk/articles/14/1/Step-by-Step-Guide-Installing-ISA-2006-Enterprise-Edition-Part-1/Page1.html
Huzaifah Ahmad

I am currently working as a Senior Field Consultant. I started my professional career in 1999 in India. In the year 1999 I decided to transition from the Retail Industry to hard core Information Technology, which was always my strength and desire. I realised my strengths and keen interest when I worked on Dbase III Plus a few years back but due to various constraints I could not pursue my career at that point in time. I have worked in various capacities in the fields of Software Technology, as Systems administrator, Systems Support Engineer, Implementations Engineer and Senior Implementation Engineer. Currently, I am based as Senior Field Consultant for a Microsoft Gold Partner in Oxford, U.K.

I am certified in various disciplines

CCIE # 23368
CCNP
CCNA
CCA
MCSE NT, 2k & 2k3
MCSA 2k & 2k3
MCSE 2k & 2k3 (Messaging & Security)
MCSA 2k & 2k3 (Messaging & Security)


I devote my free time to the technology communities. I believe knowledge grows by sharing and I love to share my knowledge. I believe it is important to be passionate and really enjoy whatever you do. I am also the founder and maintain Ahmedgroup (http://www.ahmedgroup.co.uk)

 
By Huzaifah Ahmad
Published on 09/11/2007
 
In this article series I will walk you through configuring Internet Security & Acceleration (ISA) Server 2006 Enterprise Edition in an Enterprise Array. In this Part 1 of the series we will collate information and prepare a detailed pre-installation checklist to ensure a smooth installation. This will also give us good insight into how all the various nuts and bolts integrate together.

Design: As you read further in this article series you will also see the high level of resilience built into this design, i.e. we will have multiple online Configuration Storage servers for fail back. We will also have more than one ISA server for high availability using a virtual IP address, and this does NOT involve any special hardware (load balancers).

Before I go any further: I read this some time back, not sure when or where, but I must share it right now anyway. :)

The law of 7 P's
==================================
Prior Proper Planning Prevents Piss Poor Performance
==================================

Scenario: For this scenario, the assumption is that both (CS) servers & both ISA server(s) are members of the same domain i.e. lab.com.
 
Note: Ensure the servers meet the minimum hardware requirements recommended by Microsoft.

64 BIT Support: ISA 2006 cannot be installed on 64 bit versions of Windows 2003.

Hardware: The number of servers I have used for this lab is listed below.
Note: You don't necessarily need so many servers, and you can use some existing servers for ADAM as well, but for the article series I have used individual servers simply for your benefit.

1. DC + DNS.
2. CS1 (Configuration Storage Server [ADAM] )
3. CS2 (Configuration Storage Server [ADAM] )
4. ISA01 ( ISA 2006 running ISA Server services ) * 3 NIC's
5. ISA02 ( ISA 2006 running ISA Server services ) * 3 NIC's

Microsoft Windows Update: All the above servers have been installed with the latest Service Pack, i.e. SP2, plus all recommended updates.

DNS: Ensure DNS resolution is configured and is working on the network for internal & external lookups. This is where things can become very confusing for many so here is a link from Microsoft to help you clear some doubts.

DNS servers in most cases should be configured on the internal network adapter and should point to an internal DNS server. Confirm that name resolution is working properly. Depending on your configuration, you might have to create an access rule to allow DNS queries from the Internal network. I will show you how to achieve this in this article series.

Network: Ensure the network is configured properly and all routing issues are resolved beforehand. If multiple subnets are involved, with VLANs or routers, then ensure they are reachable. If static routes need to be added to the ISA servers, this needs to be done prior to the installation of the ISA services. Routes can be edited later, but if problems appear during the installation due to routing then you will land up in a tight spot and troubleshooting will become very difficult.

Placement of services: Microsoft allows ISA services and the CS to be installed on the same server. This is supported by Microsoft but not recommended. Due to the importance of the Configuration Storage server (CS) to an ISA Server 2006 EE deployment, Microsoft recommends that the CS and array members be installed on separate servers in a production environment.

If the Configuration Storage server (CS) is installed on a DC then additional configuration steps are required due to the complications of the services running on a DC. If I get a chance I will try to cover this in Part 2 of this series when I discuss the CS install and configuration.

The CS servers store the configuration information for all of the arrays in the enterprise. The CS servers use ADAM for storage. The array members (ISA servers) store their configuration in their local registry.

When configuration changes are made in an enterprise array, the changes are made in the Configuration Storage server (CS).

All members in the array contact the CS servers for configuration changes. If changes are discovered, each ISA member will update its local registry accordingly.

Also ensure you have a documented plan of all the IP addresses which will be required in the coming articles.

Fully qualified domain name (FQDN): LAB.COM

DC1: Domain Controller

Property         Value          Property     Value
IP address       192.168.1.200  Subnet mask  255.255.255.0
Default gateway  192.168.1.254  DNS          192.168.1.200


CS1: Configuration Storage Server

Property         Value          Property     Value
IP address       192.168.1.201  Subnet mask  255.255.255.0
Default gateway  192.168.1.254  DNS          192.168.1.200


CS2: Configuration Storage Server

Property         Value          Property     Value
IP address       192.168.1.202  Subnet mask  255.255.255.0
Default gateway  192.168.1.254  DNS          192.168.1.200


Note: Make sure DNS settings are configured properly because the CS servers need to be able to resolve the FQDNs of all of the array members.

ISA01: ISA Server Array Members (ISA Server Firewall servers)

External Network Adapter

Property              Value           Property              Value
IP address            172.16.7.203    Subnet mask           255.255.0.0
Default gateway       172.16.7.1      Not applicable        Not applicable
Preferred DNS server  Not applicable  Alternate DNS server  Not applicable


Internal Network Adapter

Property              Value           Property              Value
IP address            192.168.1.1     Subnet mask           255.255.255.0
Default gateway       Not applicable  Not applicable        Not applicable
Preferred DNS server  192.168.1.200   Alternate DNS server  Not applicable


Internal Network (2) (Intra-Array Network)

Property              Value           Property              Value
IP address            10.10.10.1      Subnet mask           255.0.0.0
Default gateway       Not applicable  Not applicable        Not applicable
Preferred DNS server  Not applicable  Alternate DNS server  Not applicable


ISA02: ISA Server Array Members (ISA Server Firewall servers)

External Network Adapter

Property              Value           Property              Value
IP address            172.16.7.204    Subnet mask           255.255.0.0
Default gateway       172.16.7.1      Not applicable        Not applicable
Preferred DNS server  Not applicable  Alternate DNS server  Not applicable

Internal Network Adapter

Property              Value           Property              Value
IP address            192.168.1.2     Subnet mask           255.255.255.0
Default gateway       Not applicable  Not applicable        Not applicable
Preferred DNS server  192.168.1.200   Alternate DNS server  Not applicable



Internal Network (2) (Intra-Array Network)

Property              Value           Property              Value
IP address            10.10.10.2      Subnet mask           255.0.0.0
Default gateway       Not applicable  Not applicable        Not applicable
Preferred DNS server  Not applicable  Alternate DNS server  Not applicable

Internal Network Load Balance (NLB between ISA array members)

Property    Value          Property     Value
IP address  192.168.1.254  Subnet mask  255.255.255.0



External Network Load Balance (NLB between ISA array members)

Property    Value         Property     Value
IP address  172.16.7.254  Subnet mask  255.255.0.0
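
An added example, not part of the original article: a small Python check that the addressing plan in the tables above is internally consistent before any server is built. The adapter labels and the rules it enforces are assumptions taken from this page (on the multi-homed ISA members, a default gateway on the external adapter only, as the tables show, and DNS on the internal adapter only, as the DNS paragraph recommends).

```python
import ipaddress

# Addressing plan transcribed from this article's tables:
# (host, adapter, IP address, subnet mask, default gateway, preferred DNS)
PLAN = [
    ("DC1",   "internal",    "192.168.1.200", "255.255.255.0", "192.168.1.254", "192.168.1.200"),
    ("CS1",   "internal",    "192.168.1.201", "255.255.255.0", "192.168.1.254", "192.168.1.200"),
    ("CS2",   "internal",    "192.168.1.202", "255.255.255.0", "192.168.1.254", "192.168.1.200"),
    ("ISA01", "external",    "172.16.7.203",  "255.255.0.0",   "172.16.7.1",    None),
    ("ISA01", "internal",    "192.168.1.1",   "255.255.255.0", None,            "192.168.1.200"),
    ("ISA01", "intra-array", "10.10.10.1",    "255.0.0.0",     None,            None),
    ("ISA02", "external",    "172.16.7.204",  "255.255.0.0",   "172.16.7.1",    None),
    ("ISA02", "internal",    "192.168.1.2",   "255.255.255.0", None,            "192.168.1.200"),
    ("ISA02", "intra-array", "10.10.10.2",    "255.0.0.0",     None,            None),
]
VIPS = {"internal": "192.168.1.254", "external": "172.16.7.254"}  # NLB virtual IPs

def validate(plan, vips):
    """Return a list of problems found in the plan (empty list = plan is consistent)."""
    problems, used, hosts = [], {}, {}
    for host, nic, ip, mask, gw, dns in plan:
        net = ipaddress.ip_network(f"{ip}/{mask}", strict=False)
        if ip in used:
            problems.append(f"{host}/{nic}: {ip} already assigned to {used[ip]}")
        used[ip] = f"{host}/{nic}"
        if gw and ipaddress.ip_address(gw) not in net:
            problems.append(f"{host}/{nic}: gateway {gw} is outside {net}")
        if dns and nic != "internal":
            problems.append(f"{host}/{nic}: DNS configured on a non-internal adapter")
        hosts.setdefault(host, []).append((nic, net, gw))
    for nic, vip in vips.items():
        if vip in used:
            problems.append(f"NLB {nic} VIP {vip} collides with {used[vip]}")
    for host, nics in hosts.items():
        if len(nics) < 2:
            continue  # the checks below apply to multi-homed array members only
        if [nic for nic, _, gw in nics if gw] != ["external"]:
            problems.append(f"{host}: default gateway must be set on the external adapter only")
        for i, (nic, net, _) in enumerate(nics):
            if nic in vips and ipaddress.ip_address(vips[nic]) not in net:
                problems.append(f"{host}/{nic}: NLB VIP {vips[nic]} is outside {net}")
            for other, other_net, _ in nics[i + 1:]:
                if net.overlaps(other_net):
                    problems.append(f"{host}: {nic} {net} overlaps {other} {other_net}")
    return problems

if __name__ == "__main__":
    for line in validate(PLAN, VIPS) or ["plan is consistent"]:
        print(line)
```

The plan as published passes every check; edit PLAN to match your own network before the installation.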


Let's go ahead and see how all the bits now fit together and how this initial information will come in handy as we go along.

In the coming series you will see how we can configure CS services & ISA services.

Pitfalls: Once you have completed installing the CS and ISA servers you will notice that connections to the Configuration Storage servers are lost intermittently. Please read this article from Microsoft “Receive Side Scaling” on Windows 2003 SP 2. I will try and post some screen shots in Part 4.