Last week I noticed that HTTP/S connections to my primary ISP public address were randomly dropped for short times. Since this little trouble was affecting the user experience of the Phoibos services customers, I worked a couple of days to find a solution.
The cause of the problem revealed to reside in the Web Listener component of ISA Server 2004 Standard Edition: in effect, the configuration of my firewall (that I deployed to workaround my ISPs low reliability) with two external NIC targeted to different gateways and some other tricks, was something complex and obviously unsupported by MSFT… 😉
The best solution was to deploy an array of ISA Servers (only possible with the Enterprise edition) to have them working as a load-balanced gateways both to access the Internet and to publish my servers on the Internet. Furthermore the bi-directional affinity functionality granted by the new NLB services on Windows Server 2003 was also the best solution to publish the same service simultaneously on both public IP addresses, which was what I needed.
The migration from my old ISA 2004 single-server deployment to the new ISA 2006 array has been a little more complex than I thougth, mainly because the fact that all the ISA machines I wanted to deploy were hosted on two physical Virtual Server 2005 R2 hosts (if you have ever had to configure NLB clusters in a virtualized infrastructure you know what I mean…). After some troubles I decided to setup the NLB services out of the control of ISA services to be able to make NLB working in multicast mode (that’s the best option if you must have virtual guests by different virtual host “converged” in the same Virtual IP).
At the time I’m writing the new solution has been deployed by some hours, and all seems to work very well and, obviously, in a more available and secure way. I think there are a few adjustments I still have to make… hoping to have as few troubles as possible! 😀