Monday 10 August 2009

A day in the life of an IAG installation...

Today I'm away from home carrying out a two-day installation for a Celestix WSA/Microsoft IAG appliance.

This was a slightly different implementation as the firewall is hosted offsite and they don't have a traditional DMZ. After a couple of chats with the ISP, we managed to get a new subnet implemented, creating a virtual DMZ. Bear in mind that IAG cannot be deployed on a single-NIC server; it needs to have an external and an internal zone.

The customer had a number of requirements, including OWA 2007, SharePoint, RDP access, an intranet site, file access and granular endpoint/access policies, which all went swimmingly, as well as ensuring that the appliance was correctly service packed to SP2 Update1.

The challenges today (and there are always challenges with an IAG installation) included SSH connections to Linux servers and a Telnet terminal emulation application. These were made to work as bespoke client/server applications, along with automatic startup of the associated applications and the correct switches to start them up on the correct screens. These should have been straightforward, but as everyone uses different clients, the testing of the various switches took a bit of time. There was also an issue with a static route, which was dictated incorrectly, but as ever check the obvious first, such as... manually entered IP addresses!

So a fair chunk done for the day, but two things left me scratching my head. Two outstanding applications need to be dealt with, as I have never seen or used either before. The first was a VMware View implementation and the second a Mitel 8602 IP Softphone. As I'm in a hotel tonight, it gave me a chance to do some Googling and see if any of this helps.

VMware View (Deploy as a browser embedded application)
Frontend: Ports 80 & 443
Backend: Ports 3389 (RDP), 4001 (JMS) and 8009 (AJP13)

Mitel 8602 IP Softphone (Deploy as a client/server application)
5566 - TCP
5567 - UDP
5004 to 5069 - TCP
6004 to 6247 - TCP & UDP

We'll see if those fix the issues tomorrow! Then it only leaves customisation, administration overview and housekeeping, which means a packed day ahead!
