Deploying ISA in SBS 2003 [Windows Small Business Server 2003 Best Practices book excerpt]

Good morning everyone and welcome to my virtual book reading. I am the author of the above title and I like to post a passage a day as my virtual book reading! Today we start to deploy ISA in SBS 2003!



Harry Brelsford, CEO at smb nation

Microsoft Small Business Specialist SBSC, MBA, MCSE, MCT, MCP, CNE, CLSE, CNP

PS – did u know I host a technology conference in the New York City area each spring? Save the date for March 6-8, 2009 and watch “voice meet data” in the SMB space!

PPS – my SBS 2008 book will be out in mid-November 2008!

PPPS – my Microsoft Response Point Primer book is here NOW!

Deploying ISA Server 2000

The premium edition of SBS 2003, in some ways, kinda feels like an afterthought to the SBS 2003 standard edition. I can say that because, like many SBSers, I spent a lot of time with SBS 2003 standard edition in mid-2003. It wasn’t until late 2003 that I was able to get my hands on the SBS 2003 premium edition and really dig into the remaining components. My expectations were to see a completely re-architected SBS setup process (remember the 42 steps in Chapter 3 for the standard edition?). Instead, all I really got in the SBS 2003 premium edition box was an extra CD-ROM disc that seemed like it was just thrown in

 Visit for the latest updates for any Microsoft product.

there. The setup of the premium components (ISA Server 2000, SQL Server 2000, and FrontPage 2003) was essentially a manual setup without heavy SBS integration. This is underscored by Figure 13-8.

BEST PRACTICE: You will notice the ISA and SQL-related snap-ins are not inserted into the Server Management console. This again underscores a lack of integration with the premium components. Hang on, though. In a few moments, I’ll show you how to add these snap-ins.

Figure 13-8

The “splash” screen for Disc 5 in the SBS 2003 premium edition SKU essentially directs you to manually install the premium components.

Installing ISA Server 2000

You will now install ISA Server 2000 on the server machine. On the figure above, you will notice the first link titled How to Install. This link launches a traditional read me file for setting up and configuring the SBS 2003 premium

edition components. Go ahead, open (from How to Install) and read the file, “Completing Setup for Microsoft Windows Small Business Server Premium Technologies”, as seen in Figure 13-9 and complete the ISA Server installation process. Do it now!

BEST PRACTICE: Now is NOT a good time to be rebellious. You really need to study this document prior to installing the premium components. That is because the installation is slightly different from the standalone versions of these respective products in larger organizations.

Figure 13-9

Viewing the How to Install document is mission critical.

When you are completing the stepwise procedure to install ISA Server 2000, you will want to be aware of the following points.

You will agree to a separate ISA Server license, but you do not need to enter a Product ID code.


You will install ISA Server 2000 in integrated mode as per the setup instructions.


 Visit for the latest updates for any Microsoft product.

          The Local Address Table (LAT) creation process is much improved over the legacy SBS 2000 product (which by default added every known private IP address range on planet Earth). In SBS 2003, only the pri­vate IP address range discovered by querying the inside network adapter card is added.

This improved LAT table creation process prevents a mistake I used to lecture on in my spring 2003 advanced SBS tour, where I told the story of being “LATed out.” I was creating a dual firewall scenario for a lumber yard on Vashon Island, Washington. The IP address range I correctly used was 10.0.0.x between the dual-homed SBS 2003 server machine and the hardware-based firewall. However, this being SBS 2000, the 10.0.0.x range was part of the LAT and resulted in end-users not being able to access the Internet (most noticeably, when they launched Internet Explorer and got a “page could not be displayed” error). No such problems exist in using a private IP address range in a dual firewall scenario with SBS 2003, because the LAT table isn’t incorrectly populated with all private IP address ranges, as you can see in Figure 13-10. Whew!

Figure 13-10

This LAT reflects the internal SBS 2003 network as it should.

BEST PRACTICE: I recommend you select the option in Figure 13­11 to launch the Getting Started wizard in ISA Server 2000 to better configure security on your network.

Figure 13-11

ISA Server 2000’s Getting Started wizard wasn’t an option present in the SBS 2000 time frame but is with SBS 2003.


          Caching configuration. I already discussed this above but please note that you’ll configure caching when you install ISA Server 2000.


Leave a comment

Filed under Book

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s