OCS 07 Deployment without ISA Proxy

  • Question

  • Hey everyone,  I'm in the process of planning a deployment of OCS 07, however as we're a small company, purchasing and deploying an ISA server is just out of the question.

     

    My question to you all is this: we have 8 static IPs and two networks (192.168.168.x & 192.168.0.x: Internal and External respectively). Is it possible to properly deploy a working OCS 2007 installation so that we have all of the following functionality?

     

    - External IM access (no vpn required)

    - A/V Functionality

    - Live Meeting with address book as well as meeting downloads

    - SIP functionality

     

    We currently run on a virtualized VMWare environment, and though I do have the ability to create as many servers as I need, I would like to keep things as consolidated as possible being that we are a small company (less than 30 employees)

     

    Any insight as to how to first proceed would be a blessing.

     

    Thanks in advance,

    Matt

     

    P.S. I know some of you are going to say that the true method of security is with ISA, but at the current moment in time, our resources just don't give us that opportunity.  We have been running a single server install of Exchange 2003, and most recently 07, for about 2 years with OWA and RPC over HTTP without issue, and would like to accomplish the same thing with OCS 2007.

    Monday, December 3, 2007 7:23 PM

All replies

  • You can get all of those features without ISA except for address book content and certain meeting data for external users.  Search the forum for "ISAPI rewrite" for ways to set up the SSL bridging without using a dedicated ISA server; I've seen it discussed recently.

     

    As far as running the components in a virtualized environment, it's not supported by Microsoft.  And depending on the amount of usage you may experience issues with audio and video streaming.  I've seen poor audio with just a single conversation running while virtualized, but that can be dependent on the host's hardware.

     

    Monday, December 3, 2007 8:08 PM
    Moderator
  •  

    Jeff, I guess my primary issue is I'm not really sure what the use of the ISA server is really for?

     

    When the server we're going to be using for edge has both an internal and external connection and is set up on the domain, why is a reverse proxy even required? Or the ISAPI Rewrite, for that matter?

     

    Also, we're running on a dual Xeon dual-core 3.0 GHz box with 28 GB of RAM and about 2 TB of SAS drives. I'm not overly concerned with the horsepower aspect of things, being that we run large scale production SAP instances on a similar machine.

     

    Thanks,

    Matt

    Monday, December 3, 2007 8:21 PM
  • Matt,

     

    I agree that at first glance the concept of the 'reverse proxy' can be a little confusing.  Take a look at my latest blog in which I try to make that component a little easier to visualize.

     

    The short answer is the reverse proxy is used to publish a website on the internal Front-End server (not your perimeter Edge).  If you typically have an ISA server already deployed it's conceptually no different than publishing Exchange web services or a SharePoint website.  External clients need a way to connect to the website on the internal Front-End server in order to download address book content (among a couple other things).

     

    Here's a tip, when you read the Edge Deployment Guide, the term 'web farm' is always referring to this Front-End website; it has nothing to do with the Edge Server roles themselves.

     

    Monday, December 3, 2007 9:59 PM
    Moderator
  • Jeff,

    Thanks for helping me with the understanding of the ISA Server's role.
    My problem now is my inexperience with the ISA Server.  I understand it's an important part, and I've downloaded the ISA Server from our MSDN license and installed it.  However, I'm having trouble defining its role in our infrastructure map.
    Let me give you an outline of what we currently have.

    Our current topography is as follows.

    We have an internal IP Range of 192.168.168.x
    A DMZ'd range of 192.168.0.x
    Our external IPs, of which there are 8, are 70.169.152.x

    Cable Modem -> Sonicwall TZ170 -> Routing IP's to our network

    I'm unsure of which Network Model I require and where to place the different network interfaces in the ISA server. 
    I'm guessing perhaps a 3 legged network model, however I'm not entirely sure.

    I've got a more advanced router coming (Netscreen SSG 140) which should be here next week.
    However, my boss just being assigned to a project in Denver, and us in Virginia, is really driving the need for the OCS implementation, and I'm anxious to get it up and running correctly myself.

    Any additional information you can give me with our setup would be a HUGE help.

    Thanks Much,
    Matt
    Tuesday, December 4, 2007 8:40 PM