Installing ISA Server 2004 Enterprise Edition – Part 2 – Installing ISA Server 2004 F
[LEFT][FONT=Times New Roman]This is the second part article of a four part article series which will show you how to install and configuring ISA Server 2004 Enterprise Edition on two ISA Server Firewall members.[/FONT]
[FONT=Times New Roman] [/FONT]
[FONT=Times New Roman]Let's begin[/FONT]
[FONT=Times New Roman] [/FONT]
[FONT=Times New Roman]For this article series we have the following configuration:[/FONT]
[FONT=Times New Roman] [/FONT]
[FONT=Times New Roman]Name[/FONT]
[FONT=Times New Roman] [/FONT]
[FONT=Times New Roman]Role[/FONT]
[FONT=Times New Roman] [/FONT]
[FONT=Times New Roman]Configuration[/FONT]
[FONT=Times New Roman] [/FONT]
[FONT=Times New Roman]DEN-DC-01[/FONT]
[FONT=Times New Roman] [/FONT]
[FONT=Times New Roman]Windows 2003 Domain Controller[/FONT]
[FONT=Times New Roman] [/FONT]
[FONT=Times New Roman]INTERNAL: 192.168.1.10[/FONT]
[FONT=Times New Roman] [/FONT]
[FONT=Times New Roman]DEN-CSS-01[/FONT]
[FONT=Times New Roman] [/FONT]
[FONT=Times New Roman]Windows 2003 Member Server with ISA Server 2004 Configuration Storage Server[/FONT]
[FONT=Times New Roman] [/FONT]
[FONT=Times New Roman]INTERNAL: 192.168.1.20[/FONT]
[FONT=Times New Roman] [/FONT]
[FONT=Times New Roman]DEN-ISAEE-01[/FONT]
[FONT=Times New Roman] [/FONT]
[FONT=Times New Roman]Windows 2003 Member Server with ISA Server 2004 Enterprise Firewall[/FONT]
[FONT=Times New Roman] [/FONT]
[FONT=Times New Roman]INTRAARRAY: 192.168.0.1[/FONT]
[FONT=Times New Roman] [/FONT]
[FONT=Times New Roman]INTERNAL: 192.168.1.1[/FONT]
[FONT=Times New Roman] [/FONT]
[FONT=Times New Roman]EXTERNAL: 172.16.1.1[/FONT]
[FONT=Times New Roman] [/FONT]
[FONT=Times New Roman]DEN-ISAEE-02[/FONT]
[FONT=Times New Roman] [/FONT]
[FONT=Times New Roman]Windows 2003 Member Server with ISA Server 2004 Enterprise Firewall[/FONT]
[FONT=Times New Roman] [/FONT]
[FONT=Times New Roman]INTRAARRAY: 192.168.0.2[/FONT]
[FONT=Times New Roman] [/FONT]
[FONT=Times New Roman]INTERNAL: 192.168.1.2[/FONT]
[FONT=Times New Roman] [/FONT]
[FONT=Times New Roman]EXTERNAL: 172.16.1.2[/FONT]
[FONT=Times New Roman] [/FONT]
[FONT=Times New Roman]First start the Configuration Storage Server and check the event logs for errors. If everything is fine, insert the ISA Server 2004 CD into the first Windows Server 2003 machine and start the setup process. Select Install ISA Server services (Figure 1). [/FONT]
[FONT=Times New Roman] [/FONT]
[FONT=Times New Roman] [/FONT]
[FONT=Times New Roman]Figure 1: Install ISA Server services[/FONT]
[FONT=Times New Roman] [/FONT]
[FONT=Times New Roman]This setup option installs the ISA Server components and ISA Server Management. If you wish to install additional components select the required features (Figure 2).[/FONT]
[FONT=Times New Roman] [/FONT]
[FONT=Times New Roman] [/FONT]
[FONT=Times New Roman]Figure 2: Select ISA Server components[/FONT]
[FONT=Times New Roman] [/FONT]
[FONT=Times New Roman]In the next installation screen (Figure 3) you must specify the Configuration Storage Server and the credentials for connecting to this server. [/FONT]
[FONT=Times New Roman] [/FONT]
[FONT=Times New Roman] [/FONT]
[FONT=Times New Roman]Figure 3: Select the Configuration Storage Server[/FONT]
[FONT=Times New Roman] [/FONT]
[FONT=Times New Roman]Select Join an existing array. To join an existing array the installation account must have ISA Server Array Administrator privileges. You will learn more about ISA Server permissions and delegation feature in the next article of this article series on [url]www.isaserver.org[/url]. [/FONT]
[FONT=Times New Roman] [/FONT]
[FONT=Times New Roman] [/FONT]
[FONT=Times New Roman]Figure 4: Join an existing Array[/FONT]
[FONT=Times New Roman] [/FONT]
[FONT=Times New Roman]Select the Array Name MainArray (Figure 5). You must have Array Administrator rights to install the ISA Server Firewall into the existing Array. [/FONT]
[FONT=Times New Roman]Port requirements for ISA Server communication[/FONT]
[FONT=Times New Roman] [/FONT]
[FONT=Times New Roman]ISA Server components require several ports to communicate with other Configuration Storage Servers, ISA Server Firewall members and ISA Server Management computers.[/FONT]
[FONT=Times New Roman]MS Firewall Storage[/FONT]
[FONT=Times New Roman] [/FONT]
[FONT=Times New Roman]MS Firewall Storage is an inbound LDAP-based protocol. It uses port 2172 for SSL connections and port 2171 for non-SSL connections. Array Members communicate with the Configuration Storage Server using the MS Firewall Storage protocol. Computers running the ISA Server Management console also use the MS Firewall Storage protocol to read and write from the Configuration Storage Server. [/FONT]
[FONT=Times New Roman]MS Firewall Storage Replication[/FONT]
[FONT=Times New Roman] [/FONT]
[FONT=Times New Roman]This protocol is an outbound TCP protocol, which is defined on port 2173. MS Firewall Storage Replication is used for configuration replication between Configuration Storage Servers. [/FONT]
[FONT=Times New Roman]MS Firewall Control[/FONT]
[FONT=Times New Roman] [/FONT]
[FONT=Times New Roman]This is another outbound TCP protocol and is defined on port 3847. It is used for communications between ISA Server Management and computers running ISA Server services. [/FONT]
[FONT=Times New Roman]Remote Procedure Call (RPC)[/FONT]
[FONT=Times New Roman] [/FONT]
[FONT=Times New Roman]To monitor server performance, the ISA Server Management computer requires remote procedure call (RPC) connectivity to the ISA Server computers.[/FONT]
[FONT=Times New Roman] [/FONT]
[FONT=Times New Roman] [/FONT]
[FONT=Times New Roman]Figure 5: Specify the Array this ISA Server computer will join[/FONT]
[FONT=Times New Roman] [/FONT]
[FONT=Times New Roman]Select Windows authentication (Figure 6) because we are deploying ISA Server services and the Configuration Storage Server in the same domain so that the connection will be encrypted (signed and sealed).[/FONT]
[FONT=Times New Roman] [/FONT]
[FONT=Times New Roman] [/FONT]
[FONT=Times New Roman]Figure 6: Select Windows authentication[/FONT]
[FONT=Times New Roman] [/FONT]
[FONT=Times New Roman]Specify the IP address range for the internal network. The internal IP address range will be protected from ISA Server 2004 Enterprise. It is also possible to select Enterprise networks but we haven't created an Enterprise network in our ISA Server Array and you will learn in an upcoming article what Enterprise networks are.[/FONT]
[FONT=Times New Roman] [/FONT]
[FONT=Times New Roman] [/FONT]
[FONT=Times New Roman]Figure 7: Specify the internal IP address ranges[/FONT]
[FONT=Times New Roman] [/FONT]
[FONT=Times New Roman]During installation, some services running locally on this computer may be restarted or disabled (Figure 8) and some services will be disabled during installation.[/FONT]
[FONT=Times New Roman] [/FONT]
[FONT=Times New Roman] [/FONT]
[FONT=Times New Roman]Figure 8: Disabled Services and Services to restart[/FONT]
[FONT=Times New Roman] [/FONT]
[FONT=Times New Roman]After finishing setup you must restart the Server so that the configuration changes take effect.[/FONT]
[FONT=Times New Roman] [/FONT]
[FONT=Times New Roman] [/FONT]
[FONT=Times New Roman]Figure 9: Click Yes to restart the Server [/FONT]
[FONT=Times New Roman] [/FONT]
[FONT=Times New Roman]Repeat these steps installing ISA Server 2004 Firewall services on the second ISA Server.[/FONT]
[FONT=Times New Roman]After installing the second Server restart this server and after both ISA Server nodes are rebooted, you can start the ISA Server Management console and navigate to Arrays – Main Array – Configuration – Servers to see if both servers are operational. If everything is fine you will see a green icon (Figure 10) on every ISA Server object.[/FONT]
[FONT=Times New Roman] [/FONT]
[FONT=Times New Roman] [/FONT]
[FONT=Times New Roman]Figure 10: Congratulations. You have successfully installed your first ISA Server 2004 Enterprise Array with two ISA Array Members.[/FONT][/LEFT]