Thursday 28 August 2008

SBS 2008 Premium on Open Value Licensing - ISA considerations

This post is more to generate some creative juices in the old grey matter. ;)

Given the experiences we have had configuring ISA 2004 to work with our SBS 2008 lab setups, there look to be a couple of possible methods to make things work.

The key to it all folks: Take a very close look at your SBS 2003 SP1/R2 Premium setups with ISA 2004 installed and configured properly.

Look at how the SSL setup works and just how the Configure E-mail and Internet Connection Wizard sets the ISA SSL bridging up.

From there, it is possible to see two possible ways of configuring ISA:

  1. Bridging using the SBS self-issued cert for RWW and an internal URL for RWW. ISA will bridge SSL for remote.mysbs2008.com to remote.mysbsdomain.local without the dreaded 500 errors.
  2. Bridging using the split DNS setup built into SBS 2008. ISA bridge Internet remote.mysbsdomain.com calls to remote.mysbsdomain.com on the SBS 2008 box.
We have been using the second method to make everything work so far. The key factor is to make sure to import the third party SSL certificate with the Private Key in it.

But, since the current SBS 2003 SP1/R2 Premium setups with ISA 2004 use method 1, we will experiment with it to see if using the internal URL will break things on SBS 2008 ... a distinct possibility given the wizard's use of a split DNS setup.

We won't be able to do this until our lab setup has the SBS 2008 Win2K3 setup in place with ISA 2006 installed and waiting to be configured for use with the Springers' SBS 2008 network.

If the trial runs at setting up option 1 do not work, we will make sure to let you know...

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists

*All Mac on SBS posts are posted on our in-house iMac via the Safari Web browser.

2 comments:

Anonymous said...

Interesting. Do you know where more details would be provided on configuring ISA with SBS 2008 Premium? Seems as if Microsoft would have provided this with the SBS 2003 software assurance offer. But I cannot find it. Thanks.

Philip Elder Cluster MVP said...

A,

Software Assurance for SBS 2003 R2 Premium, for the most part, would have been purchased while an in-production SBS 2003 R2 Premium server was in place or being installed.

It seems fairly clear to us that there is an implication that the settings we see in the existing SBS 2003 R2 Premium with ISA 2004 SP3 configured would be transferrable to the new SBS 2008 + ISA 2006 SP1 setup.

Some differences being the port setting for the Companyweb Internet SharePoint site which is now 987 instead of 444, and the fact that we do not need to port forward HTTP 80.

Thanks for the comment,

Philip