Procedure 8: Creating a second array in the enterprise

You have an enterprise Configuration Storage server and a single array, representing the main branch. You can now add a second array to the enterprise.

Note

This procedure requires connectivity between the branch network and the main network. In a production environment, the connectivity would likely be a VPN connection. In a laboratory environment, use a physical connection to provide connectivity. Site-to-site VPN connections are described in the document Site-to-Site VPN in ISA Server 2004 Enterprise Edition (https://www.microsoft.com/).

Configuring the replicate Configuration Storage server

We recommend that each branch include a replicate Configuration Storage server. This provides fault tolerance for your enterprise configuration, and can provide a shorter communication path from the array to the enterprise storage.

Adding the replicate Configuration Storage server to the replicate Configuration Storage servers computer set

The computer on which you will install the replicate Configuration Storage server will not be able to communicate with the main Configuration Storage server unless you add it to the replicate Configuration Storage servers computer set on the main Configuration Storage server.

Perform this procedure on the main office Configuration Storage server, Main-Storage.

To add the replicate Configuration Storage server to the replicate Configuration Storage servers computer set:

  1. In ISA Server Management, expand Enterprise, expand Enterprise Policies, and click one of the enterprise policies.

  2. In the task pane, on the Toolbox tab, select Network Objects, and expand Computer Sets.

  3. Double-click the Replicate Configuration Storage servers computer set to open its properties.

  4. Click Add and select Computer. In the New Computer Rule Element dialog box, click Browse.

  5. In the Find Internal IP Address dialog box, provide the server name and then click Find. When the IP address appears, click OK. Click OK again to close the New Computer Rule Element dialog box. Click OK to close the Replicate Configuration Storage servers Properties page.

  6. In the details pane, click Apply to apply your changes.

Creating the replicate Configuration Storage server

To perform this procedure you must have connectivity between the new Configuration Storage server Branch-Storage, and the existing Configuration Storage server, Main-Storage.

To create the replicate Configuration Storage server

  1. On the replicate Configuration Storage server, Branch-Storage, log on using enterprise administrator credentials (EnterpriseAdmin).

  2. Insert the ISA Server CD into the CD drive, or run ISAautorun.exe from the shared network drive.

  3. In Microsoft ISA Server Setup, click Install ISA Server.

  4. After the setup program prompts that it has completed determining the system configuration, on the Welcome page, click Next.

  5. If you accept the terms and conditions stated in the user license agreement, click I accept the terms in the license agreement, and then click Next.

  6. Type your customer information, and then click Next.

  7. On the Setup Scenarios page, select Install Configuration Storage server, and then click Next.

  8. On the Component Selection page, you can review the settings, and then click Next.

  9. On the Enterprise Membership page, select Create a replica of the enterprise configuration, and then click Next.

  10. On the Locate Configuration Storage Server page, provide the name of the Configuration Storage server. You can also use the Browse button to locate the server. If you are logged on to the replicate server with enterprise administrator credentials, leave the default selection, Connect using the credentials of the logged on users. If you are not logged on to the replicate server with enterprise administrator credentials, select Use this account and provide those credentials (EnterpriseAdmin). Click Next.

  11. On the ISA Server Configuration Replicate Source page, you are provided with options for the initial ISA Server replication, which may take a long time over a slow link. If you are replicating over a slow link, you may want to choose to replicate from a Windows backup file. For information about creating a backup file, see Introduction to Branch Deployment of ISA Server 2004 Enterprise Edition (https://www.microsoft.com/). Select either Replicate over the network, or Copy from the restored backup files, and then click Next.

  12. On the Enterprise Deployment Environment page, you have the option of installing a digital certificate to enable encrypted communication between the Configuration Storage server and the computers running ISA Server services. We recommend that you use this option when your computers running ISA Server services are in a workgroup, or are in a domain other than that in which the Configuration Storage server is located, and there is no trust relationship between the domains. In this walk-through, the Configuration Storage server and the computers running ISA Server services are in the same domain, so you can leave the default selection, I am deploying in a single domain or in domains with trust relationships. Click Next.

  13. On the Ready to Install the Program page, click Install to begin the installation.

  14. After the installation is complete, select the Invoke ISA Management check box, and then click Finish.

  15. In ISA Server Management, examine the policies and configuration. You will note that the policies and configuration of Main-Storage have been replicated on Branch-Storage.

  16. Close ISA Server Management.

    Note

    In a production environment, after completing setup, consider optimizing the replication of configuration changes by moving the Configuration Storage server to a different ADAM site. For details, see Deploying Configuration Storage servers across ADAM sites in ISA Server Help.

Creating the array

To create the array, perform the following steps.

  1. On the Configuration Storage server (main or branch), open ISA Server Management.

  2. Click Arrays. In the task pane, on the Tasks tab, click Create New Array to start the New Array Wizard.

  3. On the Welcome page, provide a name for the new array, such as Branch, and then click Next.

  4. On the Array DNS Name page, provide the Domain Name System (DNS) name of the array. This is the name that Firewall clients and Web clients will use to connect to the array. Click Next.

  5. On the Array Enterprise Policy page, from the drop-down menu, select the enterprise policy that will be applied to the new array. Select Fabrikam FTP Optional Access Policy, and then click Next.

  6. On the Array Policy Rule Types page, select the types of rules the array administrator is allowed to make. In this scenario, allow the administrator to make allow rules, deny rules, and publishing rules. Click Next.

  7. On the summary page, review the array configuration and then click Finish. When the progress bar indicates that the array has been created, click OK.

  8. After the array has been created, assign array administrator privileges to the branch array. In ISA Server Management, right-click the name of the array and select Properties.

  9. On the Assign Roles tab, click Add. Leave the default settings, and add the user BranchArrayAdmin. From the drop-down Role menu, select ISA Server Array Administrator, and then click OK.

  10. Click OK to close the properties page.

  11. In the Firewall Policy details pane, click Apply to apply the changes.

Adding a server to the array

Now that you have created an array, you can add the computer that will run ISA Server services, FW-B1, to the array.

Note

All computers grouped in an array must have the same:
- Number of network adapters, connected to array-level networks with the same names.
- Dial-up connections configured.
- Time zone, with synchronized clocks (for logging).
- Partitions (for logging).
- Certificates installed on each array member.
- Language version of ISA Server and Windows Server 2003 installed, with the same locale set for the computer and for the user who is logged on.
- Updates installed.
- Domain and site configuration (or belong to a workgroup).

Also, network services should be available to each array member (for example, Domain Name System (DNS), CRL Verification connectivity, and Active Directory connectivity).
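
The requirements in this note can be checked before a server joins the array by comparing an inventory record for each prospective member. The following is an added example, not part of the original documentation or of ISA Server: the record fields, the sample values, the second member FW-B2, and the 5-second clock tolerance are all assumptions made for illustration.

```python
# Added example: pre-join consistency check for ISA Server array members.
# Inventory records and field names are constructed; FW-B2 is hypothetical.
from datetime import datetime

MAX_CLOCK_SKEW_SECONDS = 5  # assumed tolerance; the page only says "synchronized"

# Attributes that must be identical, and attributes compared as unordered sets.
SCALAR_FIELDS = ("adapter_count", "time_zone", "language", "locale", "domain", "site")
SET_FIELDS = ("network_names", "dialup_connections", "partitions",
              "certificates", "updates")

def compare_members(reference, candidate):
    """Return the list of mismatches between a candidate and the reference."""
    problems = []
    for field in SCALAR_FIELDS:
        if reference[field] != candidate[field]:
            problems.append(f"{field}: {reference[field]!r} != {candidate[field]!r}")
    for field in SET_FIELDS:
        ref, cand = set(reference[field]), set(candidate[field])
        if ref != cand:
            problems.append(
                f"{field}: missing {sorted(ref - cand)}, extra {sorted(cand - ref)}")
    # Clocks are assumed to have been sampled at the same moment on each host.
    skew = abs((reference["clock_utc"] - candidate["clock_utc"]).total_seconds())
    if skew > MAX_CLOCK_SKEW_SECONDS:
        problems.append(f"clock: skew {skew:.0f}s exceeds {MAX_CLOCK_SKEW_SECONDS}s")
    return problems

def check_array(members):
    """Compare every member with the first one; map host name -> mismatches."""
    reference = members[0]
    return {m["host"]: compare_members(reference, m) for m in members[1:]}

FW_B1 = {
    "host": "FW-B1", "adapter_count": 2, "time_zone": "Pacific Standard Time",
    "language": "en-US", "locale": "en-US", "domain": "example.local",
    "site": "Branch", "network_names": ["Internal", "External"],
    "dialup_connections": [], "partitions": ["C:", "D:"],
    "certificates": ["CERT-PLACEHOLDER-1"], "updates": ["UPDATE-A", "UPDATE-B"],
    "clock_utc": datetime(2007, 1, 1, 12, 0, 0),
}
# Second member: one update missing and a clock 42 seconds ahead.
FW_B2 = dict(FW_B1, host="FW-B2", updates=["UPDATE-A"],
             clock_utc=datetime(2007, 1, 1, 12, 0, 42))

if __name__ == "__main__":
    for host, problems in check_array([FW_B1, FW_B2]).items():
        print(host, "OK" if not problems else problems)
```

An empty list for a host means it matches the reference member on every compared attribute; the availability of DNS, CRL, and Active Directory services still has to be verified separately.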

Perform this procedure on FW-B1.

To add a server to the array

  1. Log on to the computer using the credentials of the administrator of the branch array (BranchArrayAdmin).

  2. Insert the ISA Server CD into the CD drive, or run ISAautorun.exe from the shared network drive.

  3. In Microsoft ISA Server Setup, click Install ISA Server.

  4. After the setup program prompts that it has completed determining the system configuration, on the Welcome page, click Next.

  5. If you accept the terms and conditions stated in the user license agreement, click I accept the terms in the license agreement, and then click Next.

  6. Type your customer information, and then click Next.

  7. On the Setup Scenarios page, select Install ISA Server Services, and then click Next.

  8. On the Component Selection page, you can review the settings, and then click Next.

  9. On the Locate Configuration Storage Server page, specify the Configuration Storage server to which this computer will connect. You can click Browse to locate the Configuration Storage server computer. On this page, you will have to provide the credentials of an enterprise administrator, such as EnterpriseAdmin, to connect to the Configuration Storage server. Click Next.

  10. On the Array Membership page, select Join an Existing Array, and then click Next.

  11. On the Join an Existing Array page, provide the name of the array, Branch. You can also click Browse to open the Arrays to join dialog box, and select the array from the list. Click Next.

  12. On the Configuration Storage Server Authentication Options page, select the authentication type that will be used for connections between the ISA Server computer and the Configuration Storage server. Because in this scenario the firewall array and the Configuration Storage server are in the same domain, select Windows authentication, and then click Next.

  13. This step will only take place on the first server you install in the array. On the Internal Network page, specify the IP address range that will constitute the Internal network for this array. We recommend that you map your Internal network to the enterprise network you created in Procedure 4: Creating enterprise networks.

    1. Click Add to open the Addresses dialog box.
    2. Click Add Network to open the Select Enterprise Networks dialog box.
    3. Select Internal, and then click OK.
    4. In the Addresses dialog box, click OK.
    5. On the Internal Network page, click Next.

  14. On the Services Warning page, review the list of services that will be stopped or disabled during installation of ISA Server. To continue the installation, click Next.

  15. Click Install.

  16. After the installation is complete, click Finish.

  17. You will be prompted to restart the computer. Click Yes to restart the computer.

[Topic Last Modified: 09/26/2007]