Installing and Configuring ISA Enterprise Servers
After all the pre-configuration via the CSS has been performed, the actual installation of ISA Server 2004 Enterprise Edition can be accomplished. Many of the same design factors that applied to the Standard version also apply to the Enterprise version, but it is useful to review these prerequisites and best practices before installing ISA.
Satisfying ISA Server Installation Prerequisites
ISA Server 2004 Enterprise version has the same hardware prerequisites as the Standard version, with Microsoft recommending a minimum of 256MB of RAM, a 550MHz Pentium II, and 150MB of disk space to operate. That said, an Enterprise deployment of ISA Server should never be installed on hardware as limited as that, and additional RAM (1GB or more), faster processors, and more disk space will invariably be needed.It is difficult to pin down the exact hardware that will be required, but ISA itself does not require much in terms of resources. Performance metrics allow for up to a T3 of network input into an ISA Server before an additional server is needed, so it is not common to run into performance issues relating to a properly speced system.ISA Server 2004 Enterprise Edition can run on either Windows Server 2003 or Windows 2000 Server versions, but it is highly recommended to install it on Windows Server 2003 only. This version is the most secure and integrates better with ISA Server 2004.ISA Server 2004 operates if it is installed onto servers that are domain members, and it also functions on servers that are not domain members (workgroup members). Work group member ISA Servers require server certificates to be installed between CSS members, however, and also are limited to authenticating users using the RADIUS protocol.
Installing the ISA Server Software
After a server for ISA has been identified, the operating system should be installed with default options. See Chapter 2, "Installing ISA Server 2004," for a step-by-step guide to this process. After the OSA is installed, ISA can be installed via the following process:
|1.||Insert the ISA Server 2004 Enterprise Edition media into the server and wait for the autorun screen to be displayed (or double-click on the ISAAutorun.exe file).|
|2.||Click the Install ISA Server 2004 link.|
|3.||Click the Next button.|
|4.||At the license agreement dialog box, click I Accept the Terms in the License Agreement and click Next.|
|5.||Enter a User Name, Organization Name, and Product Serial Number and click Next.|
|6.||Under Setup Scenarios, select Install ISA Server Services and click Next.|
|7.||In the Component Selection dialog box, leave the defaults and click Next to continue.|
|8.||On the Locate Configuration Storage Server dialog box, shown in Figure 6.18, enter the FQDN of the CSS server (for example, server20.companyabc.com) and click Next to continue.|
Figure 6.18. Installing the ISA Server services.
|9.||Under Array Membership, select Join an Existing Array and click Next.|
|10.||Under the Join Existing Array dialog box, shown in Figure 6.19, enter the Array name (or browse to select) and click Next.|
Figure 6.19. Joining the server to an array.
|11.||The subsequent dialog box allows for the type of authentication to be selected. This enables non-domain ISA Servers to have a certificate installed. In this example, because the servers are domain members, choose Windows authentication and click Next.|
|12.||In the Internal Network dialog box, click the Add Adapter button.|
|13.||Check the box for the Internal network adapter, as shown in Figure 6.20, and click OK, and OK again.|
Figure 6.20. Defining the Internal network.
|14.||Click Next, Next to continue.|
|16.||Click OK when finished.|
After ISA Setup, the install process opens Internet Explorer and provides links to ISA resources at Microsoft. It is important to check the latest list of patches and downloads on these links, and install them if they are required.In this scenario, two ISA Servers are installed and deployed. The second server should be installed through the same process as was defined previously. The one difference to this process is that the Internal network is not prompted for definition; it is defined already.
Configuring the Inter-Array Communication IP Address
Each array member needs to be configured to use the proper IP address on the NLB isolated network for communications between array members. To configure this setting, do the following:
|1.||From the ISA Console on the newly installed server, navigate to Arrays, Edge-Array, Configuration, Servers.|
|2.||In the Details pane, right-click the server name and choose Properties.|
|3.||Select the Communication tab.|
|4.||Choose the IP address of the array network adapter from the drop-down box, as shown in Figure 6.21.|
Figure 6.21. Selecting the inter-array communication IP address.
|5.||Click OK, Apply, and OK.|
Perform the same process on the second server as well. The array members are now ready for additional rule and array configuration. The final step in this scenario is to enable load balancing of network traffic and cache traffic.