Back to ISA Server 2006, I would like to show some configuration which focusing the Configuration Storage Server(CSS) and ISA Server 2006.
As you all know, you can install ISA server and Configuration storage Server within a same machine. but this section will be different. I try to implement ISA Server 2006 Enterprise Edition. It means that the configuration and firewall services are installed separately.
if you see figure above. the explanation of this simple network is described below:
NETOVERME-ISA is an ISA Server 2006 is installed but no configuration storage server. There are two network interfaces are installed for private and public network. private network is set to 172.16.0.1 /24 whereas public network is set to 10.10.1.1/24
NETOVERME-DC – is a domain controller for Netoverme Organization. A DNS server is also installed in the server. the IP address is 172.16.0.2/24
NETOVERME-CSS – is a Configuration Storage Server where the array of the ISA server is stored. CSS server is really related to ISA server which is Netoverme-ISA.
What have I done to the organization?
If you can see, the CSS server is totally separated with the ISA server (Netoverme-ISA). Firstly, I installed and configured Active Directory and the Domain (at the Netoverme-DC) and secondly create a server for Netoverme-CSS and join the domain. On Netoverme-CSS, I installed ONLY the Configuration Storage Server.
Before I proceed with the ISA server 2006 in Netoverme-ISA server, I create account EntAdmin to administer the CSS. I add assign role to the EntAdmin as ISA Server Enterprise Administrator so that he can administer such as Create Array,Create Rule,etc
In Netoverme-CSS, you can create array for the Netoverme-ISA or create later as you install along the ISA server at Netoverme-ISA.
After finishing configuring the CSS server (Netoverme-CSS), you can proceed with the ISA server installed on Netoverme-ISA. you can join domain the server or make as a workgroup. In this case, I just join domain and proceeding the Installation of ISA server. in Netoverme-ISA, you only install ISA Server Component and also ISA server Management. on the Next step, it will the FQDN of Configuration Storage Server. you just typed hostname of CSS server which is netoverme-CSS and simply click Next. You will be asked later on which array should you used. In Configuration Storage Server, the array can be multiple. In this case, the CSS hasn’t create any array yet. Therefore, in the proceeding installation, you can choose to create array. The array is important so that you can create access rule, deny or allow the policy. the credential will be asked for communicating with the CSS server. in my case, I created the EntAdmin which the user is assigned as ISA server Enterprise Administrator on CSS server. I type the entadmin as a credential and also proceed to complete the installation.
The good thing using Configuration Storage Server on different server, you can backup and restore all the configuration in that server whenever your frontend ISA server crash. Also, you may disconnect / connect the enterprise network from the ISA server.