Creating and Configuring Arrays

ISA 2000 Enterprise Edition introduced the concept of an array, and ISA Server 2004 Enterprise improved upon it. Essentially, an array is a grouping of ISA Servers that have the same NIC configuration and are connected to the same networks. They are meant to act as redundant, load-balanced members of a network team, either with integrated Windows Load Balancing or through the use of a third-party load balancer.

For example, an organization may have an array of ISA Servers acting as its edge firewalls. If one of the array members were to go down, the other one would shoulder the load. There also may be other arrays within the organization that protect other critical network segments from internal intrusion. Essentially, arrays provide a critical measure of load balancing and redundancy to a security environment.
Creating Arrays

Arrays can be defined in CSS before the ISA Servers have been installed. In this example, a single edge-firewall array is created via the following procedure:
1. From the ISA Enterprise Admin Console, click on the Arrays Node in the Console tree.
2. In the Tasks tab, click the Create New Array link.
3. Enter a name for the array, such as Edge-Array.
4. Under the Array DNS Name dialog box, shown in Figure 6.13, enter the Fully Qualified Domain Name (FQDN) of the array, such as

Figure 6.13. Creating an array.

5. In the Assign Enterprise Policy dialog box, select the customized policy previously created from the drop-down box, such as CompanyABC Policy, and click Next to continue.
6. Under the types of array firewall policy rules that can be created, leave all checked, as displayed in Figure 6.14, and click Next to continue.

Figure 6.14. Defining array policy rule types.

7. Click Finish, OK, Apply, and OK to save the settings.
Configuring Array Settings

Creating an array opens up an entirely new set of nodes in the ISA Enterprise Admin Console, as shown in Figure 6.15. In fact, the array nodes may look familiar to an administrator who has used the Standard version, because they are nearly identical to the nodes in that version.
Figure 6.15. Examining the newly created array console settings.
Figure 6.16. Examining the array properties tabs.
Creating the NLB Array Network

If Windows Network Load Balancing will be used for the ISA Servers, then an additional NIC needs to be added and an isolated network created between those two servers, as shown in Figure 6.2. This network is solely devoted to NLB traffic, which is required because NLB operates only in unicast mode.

As well as being physically set up to provide for NLB, the network needs to be defined within the array. To define this network, do the following:
1. In the ISA Enterprise Admin Console, click on Arrays, Edge-Array (Array Name), Configuration, Networks node in the Console tree.
2. In the Tasks tab of the Tasks pane, click the link for Create a New Network.
3. In the Network Name field, enter Edge-Array-NLB and click Next.
4. In the Network Type dialog box, shown in Figure 6.17, select Perimeter Network and click Next.

Figure 6.17. Creating the NLB Array Network.

5. Under Network Addresses, click Add Range.
6. Enter a start address and end address, such as 172.16.1.0 and 172.16.1.255, and click OK.
7. After the address is entered, click Next to continue.
8. Click Finish, Apply, and OK.