The Skinny on ISA in SBS 2008
The official word:
"With respect to ISA, here's what we're public on:
- SBS no longer will support being the edge box. You'll need SBS to be behind a network firewall of some sort -- could be a hardware firewall, could be a software firewall, such as ISA.
- ISA, itself, will no longer support running on the SBS server itself -- this is really related to #1. We're building the SBS tools in the next rev assuming that the network firewall is elsewhere."
I wish I was allowed to say more about what's going on in the next version of SBS but I'm not. So from the official statement above it doesn't take a rocket scientist to notice that you're going to have to place your ISA server in front of SBS next time around on a seperate server. Unfortunately there's no public statement about what this means the product list is for SBS Premium because obviously we're going to need another license of Windows for that second server. We'll have to wait and see.
2 Comments:
Windows Server Virtualization (aka Viridian) could solve this problem for people who don't want to get an extra box for ISA. However it would mean giving SBS users some virtualisation rights - ideally for host + 2 virtual instances - one for ISA and one for the rest, and the host (aka parent partition in Viridian-speak) would be running Server Core.
This would mean that the hardware requirements would be a little bit tougher (e.g. more RAM, CPU has to support virtualization), but it would also mean that bare metal deployment would be much faster, as ISA and SBS could ship as pre-configured VHDs.
The problem with Virtualizing your edge firewall is that it's not secure. There are already ways to jump from real to virtual and back again on the hardware side of things. Virtualizing your edge firewall is not recommended.
It is best for it to be on its own box.
Post a Comment
<< Home