I have been selling, and supporting Microsoft Small Business Server since the first version (v4.0) back in 1997. One of the killer features it had was it provided Internet access for all the computers in the network. Sounds like no big deal now, but back then dial-up was state of the art. If users wanted Internet access, they had to fight over who had access to the phone line. Only one user at a time could access the Internet over a given phone line. Small businesses were not anxious to give everyone their own dedicated modem phone line. But with SBS 4.0, the server would have the modem and would allow everyone on the network to access the Internet simultaneously through only one phone line. That was huge! Then came broadband access and the server still filled the function of being the Internet gateway for the network. The primary feature that made all this work was originally Proxy Server and then with SBS 2000 and SBS 2003 Premium, Internet Security and Acceleration Server (ISA). ISA not only provided Internet access but was the firewall for the entire network. And a fine firewall it was. And as part of SBS, it made SBS a super deal. But being a sophisticated firewall, it did require a little bit of knowledge to use. Actually only a little bit as the CEICW (Configure E-mail and Internet Connection Wizard) in SBS pretty much configured it with little effort. But apparently most purchasers of SBS 2003 (the first version to split off the ISA and SQL portions into a ‘Premium’ Edition) bought the Standard Edition without ISA or SQL. So the SBS development team decided to remove ISA from SBS 2008. There are a few technical reasons as well which I will touch on here. So if you are going to have an SBS 2008 server and network, you will need a separate firewall of some sort.
In preparation for migrating to SBS 2008 on my own network, I’ve decided to load ISA on a separate dedicated server to be my firewall. My original plan was to install Windows Server 2008 Core and install ISA 2006 on it to be the firewall for my network. While installing W2k8, I did a Google search and found that ISA 2006 (and all other versions) is NOT compatible with Windows Server 2008. Not just Core, but W2k8 in general. Seems to be a conflict with the Windows firewall on W2k8 which can’t be disabled. This is likely one of the technical reasons why SBS 2008 doesn’t come with ISA.
The replacement for ISA is Threat Management Gateway. I’m not sure whether TMG is available yet but it will only run on Windows Server 2008 — 64bit! My server isn’t 64 bit so that’s out.
My final solution is to configure my server with Windows Server 2003 and load ISA 2006 on that. I will have to configure my current SBS 2003 server, as well as all my workstations, to use the new ISA server as the network gateway to the Internet. My ISA ‘server’ by the way is an OLD workstation that I’m loading W2k3 on. It is an old AMD K7, 550 MHz, with 768 MB RAM. Wouldn’t want to run much more that ISA on it, but it should work fine as my firewall. My ISA MVP friend, Amy Babinchak, told me so :-).