Configuring Exchange 2000, ISA 2000 on W2K Advanced Server

W

Wil Biscardi

We are currently running W2K Advanced Server. We have two
(2) W2K ISA 2000 servers with the external ISA acting as
the PDC and running IIS. We also have a W2K Exchange 2000
cluster running on 2 servers. Things have not been
working very well and we are working with consultants to
help us reconfigure this arrangement to a more "industry-
standard", "best-practices" setup....

One consultant suggests moving the PDC functionality from
the ISA server to the Exchange Cluster. One of the ISA
servers would then act as our external firewall while the
second ISA server would act as an internal firewall
creating a DMZ in the process. There are other details,
but this is the basic concept.

Another vendor is recommending a similar arrangement, but
they suggest obtaining a NEW server to act as the PDC.
The ISA servers and the Exchange servers would act as
member servers on the network.

Any comments, recommendations, advice would be
appreciated. We are sure that there are probably many
acceptable ways to set up a network that is secure,
redundant, etc., so there is more than likely not ONE
answer that says "this is THE way to do it." But we are
looking for suggestions from experts and those of you with
the technical experience to help shed some light on the
matter for us. Please advise. Thank you!
 
R

Rob Elder, MVP

I would side with the second vendor. I would never recommend running ISA on
domain controller. That's just plain foolish.
 
W

Wil Biscardi

Hi, Rob!

Thanks for your quick reply! I don't think I was clear in
my explanation....
We CURRENTLY have the Domain Controller running on the ISA
server, and we realize, as you noted, that this is a poor
design. Both consultants agree with your assessment. The
difference is that the FIRST consultant would move the PDC
functionality to the Exchange cluster servers. The SECOND
consultant recommends a SEPARATE server to act as the PDC,
and the Exchange and ISA boxes would be member servers.
Are you still leaning towards the second consultant's
recommendation? Thanks again for your time!

Regards,
Wil
 
R

Rob Elder, MVP

Also agree with a seperate dc.

Wil Biscardi said:
Hi, Rob!

Thanks for your quick reply! I don't think I was clear in
my explanation....
We CURRENTLY have the Domain Controller running on the ISA
server, and we realize, as you noted, that this is a poor
design. Both consultants agree with your assessment. The
difference is that the FIRST consultant would move the PDC
functionality to the Exchange cluster servers. The SECOND
consultant recommends a SEPARATE server to act as the PDC,
and the Exchange and ISA boxes would be member servers.
Are you still leaning towards the second consultant's
recommendation? Thanks again for your time!

Regards,
Wil
Click to expand...
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Branch office, Exchange, site-to-site, ISA server, Recommendations 1
Setting up isa 2004 server with windows 2000 network 5
DNS Forwarding Not Work 2
SBS 2000 to SBS 2003 through VPN 4
Vista/OL2007 cannot download via VPN to Exchange 2000, ISA 2000 1
2 NIC's on the same network and ISA server 1
setting up ISA server for windows update : error 0x8024402C 1
problems with isa 2000 exceptions 2

Top