In this scenario, you install ISA Server 2006 on two separate computers. On the first computer, you install the Configuration Storage Server, and on the second computer, you install ISA Server services.

Note:
For this scenario, the assumption is that both computers are members of the same domain. For information about installing ISA Server 2006 in a workgroup environment, see "ISA Server Enterprise Edition in a Workgroup" at the Microsoft TechNet Web site.

Installing the Configuration Storage Server

The Configuration Storage server stores the configuration information for all of the arrays in the enterprise. The following procedure describes how to install the Configuration Storage server. Perform this procedure on the computer that you have designated as the Configuration Storage server.

To install the Configuration Storage server
  1. Insert the ISA Server CD into the CD drive, or run ISAAutorun.exe from the shared network drive.

  2. In Microsoft ISA Server Setup, click Install ISA Server 2006 and use the wizard to install ISA Server 2006 as outlined in the following table.

    | Page | Field or property | Setting |
    |---|---|---|
    | Welcome | None | Click Next. |
    | License Agreement | License Agreement | Select I accept the terms in the license agreement. |
    | Customer Information | User Name; Organization; Product Serial Number | Enter user name. Enter organization name. Enter product serial number. |
    | Setup Scenarios | Select the setup scenario. | Select Install Configuration Storage server. |
    | Component Selection | Review the features that will be installed. Notice that ISA Server Management is also installed. | Click Next. |
    | Enterprise Installation Options | Select the enterprise installation options. | Select Create a new ISA Server enterprise. |
    | New Enterprise Warning | This page warns you not to install more than one enterprise. Because you are creating a new enterprise, you can ignore the warning. | Click Next. |
    | Create a New Enterprise | Enterprise Name; Description | Enter a name for the enterprise. Provide a description of the enterprise (optional). |
    | Enterprise Deployment Environment | All communication between array members and Configuration Storage servers in a single domain or in a domain with trust relationships is encrypted automatically. If your array members and Configuration Storage server reside in a workgroup or across domains that do not have trust relationships, you will need to install a digital certificate to encrypt communications between the array members and the Configuration Storage server. | Select I am deploying in a single domain or in a domain with trust relationships. |
    | Ready to Install the Program | None | Click Install. |

  3. After the installation is complete, select Invoke ISA Server Management when the wizard closes, and then click Finish.

  4. In ISA Server Management, expand the Enterprise node, and then expand the Enterprise Policies node. Note that there is one policy listed, the Default Policy. Click Default Policy and look at the rules in the details pane. There is one enterprise policy rule, a rule that denies all traffic that is applied after array level rules. This rule ensures that unless access is specifically allowed, ISA Server denies it. Other than this enterprise policy rule, in the Default Policy, only array rules will apply. Click the Arrays node. Note that this node is empty, because an array has not yet been created.

Note the following:

  • If you choose I am deploying in a single domain or in domains with trust relationships, you can change to server certificate authentication anytime after installation, if your deployment needs change. To do so, obtain an exported server certificate and save it on the Configuration Storage server. Then, run ISACertTool, available at the ISA Server Downloads page.

  • You can manage the enterprise from the Configuration Storage server, from an array member, or from a remote management computer, if you are logged on with the same credentials used when you installed the Configuration Storage server or the credentials of a user who has the ISA Server Enterprise Administrator role.

  • The Configuration Storage server service normally runs under the network service account. If you install the Configuration Storage server on a domain controller, you must provide an account under which the service will run. This is because the Network Service account cannot be used when the Configuration Storage server runs on a domain controller. You can run the Configuration Storage server service using the credentials of a user in the Domain Admins group (a domain administrator). However, for the most secure configuration, we recommend that you provide the credentials of a user who is not a domain administrator. If you provide the credentials of a user who is not a domain administrator, you must perform the following procedure to ensure that the user has the permissions required by the service.

To ensure the specified user has the required permissions to run the Microsoft ISA Server Storage service (ISASTGCTRL)
  1. Install the Configuration Storage server, as described in Installing the Configuration Storage Server.

  2. As part of the setup process, on the Configuration Storage Server Service Account page of the Setup Wizard, provide the credentials of the user who is not a domain administrator.

  3. In the Program Files\Microsoft ISA Server\ADAMData folder, locate the Dnsdomain.bat file, where Dnsdomain is the DNS name of the computer on which ADAM is running.

  4. At the command prompt, type Dnsdomain to run the file. The Dnsdomain.bat file appears in the directory approximately one minute after ADAM installation is complete.
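
A check for the service account recommendation above, as an added example that is not part of the original documentation: it reads the logon account of the ISASTGCTRL service and reports whether that account is, directly or through nested groups, a member of Domain Admins. It assumes PowerShell is available on the Configuration Storage server and that the service account is a domain account.

```powershell
# Added example (not from the ISA Server documentation).
# Run on the Configuration Storage server as a domain user who can read Active Directory.
$serviceName = 'ISASTGCTRL'   # service name taken from the procedure heading above

$svc = Get-WmiObject -Class Win32_Service -Filter "Name='$serviceName'"
if ($null -eq $svc) { throw "Service $serviceName is not installed on this computer." }

$account = $svc.StartName
Write-Output "Service $serviceName runs as: $account"

# Built-in accounts (for example Network Service) are not domain users.
if ($account -eq 'LocalSystem' -or $account -like 'NT AUTHORITY\*') {
    Write-Output 'Built-in service account: no domain group membership to audit.'
    return
}

# Assumption: the account is a domain account. Resolve its logon name to a SID,
# then build the Domain Admins SID for the same domain.
$nt        = New-Object System.Security.Principal.NTAccount($account)
$sid       = $nt.Translate([System.Security.Principal.SecurityIdentifier])
$wellKnown = [System.Security.Principal.WellKnownSidType]::AccountDomainAdminsSid
$daSid     = New-Object System.Security.Principal.SecurityIdentifier($wellKnown, $sid.AccountDomainSid)

# tokenGroups is a constructed attribute listing every security group the user
# belongs to, including nested ones, so indirect membership is caught too.
$user = [ADSI]"LDAP://<SID=$($sid.Value)>"
$user.psbase.RefreshCache(@('tokenGroups'))
$groupSids = @($user.psbase.Properties['tokenGroups'] | ForEach-Object {
    (New-Object System.Security.Principal.SecurityIdentifier($_, 0)).Value
})

if ($groupSids -contains $daSid.Value) {
    Write-Warning "$account is a member of Domain Admins; use a non-administrator account instead."
} else {
    Write-Output "$account is not a member of Domain Admins."
}
```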

Creating an Array

After you install the Configuration Storage server, you can create an array. Creating the array enables you to configure how the enterprise policy and array policy work together and the type of rules that can be created in the array, before the array is released and populated with servers.

Note:
An enterprise administrator can also create arrays and populate them with servers, by running ISA Server installation and choosing Create a New Array on the Array Membership page. The enterprise administrator will be able to limit the types of rules that the array administrator can create, but only after the array has been created, and will not be able to limit a type of rule if the array administrator has already created a rule of that type.

To create an array, perform the following procedure.

To create an array
  1. On the Configuration Storage server, open ISA Server Management.

  2. Click Arrays. In the task pane, on the Tasks tab, click Create New Array to start the New Array Wizard. Use the wizard to create the new array as outlined in the following table.

    | Page | Field or property | Setting |
    |---|---|---|
    | Welcome to the New Array Wizard | Array name | Enter the name of the array. |
    | Array DNS Name | Array's DNS name | Enter the array's DNS name. Note: The DNS name must be able to be resolved by Firewall clients and Web clients. |
    | Assign Enterprise Policy | Apply this enterprise policy to the new array | Select Default Policy. |
    | Array Policy Rule Types | Select the types of array firewall policy rules that can be created on this array. | Select: "Deny" access rules; "Allow" access rules; Publishing rules (Deny and Allow) |
    | Completing the New Array Wizard | Review settings. | Click Back to make changes and Finish to complete the wizard. |

  3. After the array has been created, you may assign array administrator privileges to the main array. In ISA Server Management, right-click the name of the array and select Properties. Do the following:

    1. On the Assign Roles tab, click Add. Add the required user. From the drop-down Role menu, select ISA Server Array Administrator, and then click OK.

    2. Click OK to close the properties page.

  4. In the Firewall Policy details pane, click Apply to apply the changes.

Adding the Configuration Storage Server to the Remote Management Computers Computer Set

To enable monitoring of the array members from the Configuration Storage server, you need to add the Configuration Storage server to the Remote Management Computers computer set.

To modify the Remote Management Computers computer set for an array, perform the following procedure.

To modify the Remote Management Computers computer set
  1. On the Configuration Storage server, open ISA Server Management.

  2. Expand Arrays, expand Array_Name, and select Firewall Policy.

  3. In the task pane, on the Toolbox tab, click Network Objects.

  4. Expand Computer Sets, select Remote Management Computers, and click Edit.

  5. Click Add, and select Computer.

  6. In the Name field, type a name for the computer, enter the IP address of the Configuration Storage server in the Computer IP Address field, and then click OK.

  7. Click OK to close the properties of the Remote Management Computers computer set.

  8. In the Firewall Policy details pane, click Apply to apply the changes.

Installing a Server in the Array

Now that you have created an array, you can install ISA Server computers into the array. Perform these steps on the computer you have designated to be the array member. Perform the installation with the same user account that you were logged on to when you performed the installation of the Configuration Storage server.

Note:
Do not install an ISA Server array member through a Remote Desktop Protocol (RDP) connection over a connection that is using network address translation (NAT). When the ISA Server installation is complete, your RDP connection will be disconnected and you will no longer be able to establish a new RDP connection.

To install a server in the array, perform the following procedure.

To install a server in the array
  1. Insert the ISA Server CD into the CD drive, or run ISAAutorun.exe from the shared network drive.

  2. In Microsoft ISA Server Setup, click Install ISA Server 2006. Use the wizard to install ISA Server 2006 as outlined in the following table.

    | Page | Field or property | Setting |
    |---|---|---|
    | Welcome | None | Click Next. |
    | License Agreement | License Agreement | Select I accept the terms in the license agreement. |
    | Customer Information | User Name; Organization; Product Serial Number | Enter user name. Enter organization name. Enter product serial number. |
    | Setup Scenarios | Select the scenario that best describes this installation. | Click Install ISA Server services. |
    | Component Selection | Review the features that will be installed. Notice that ISA Server Management is also installed. | Click Next. |
    | Locate Configuration Storage Server | Configuration Storage Server (type the FQDN); Connection Credentials | Enter the fully qualified domain name (FQDN) of the Configuration Storage server. Note: If you get an error that you cannot connect to the Configuration Storage server, go to the command prompt and try to search for the Configuration Storage server using the FQDN you just entered to see if there is name resolution of the FQDN to the correct IP address of your Configuration Storage server. Connect using the credentials of the user who is logged on. |
    | Array Membership | Select the array membership for this ISA Server computer | Select Join an existing array. |
    | Join Existing Array | Array name | Enter the name of the array you created in the previous step. |
    | Configuration Storage Server Authentication Options | Select how the ISA Server computer will authenticate to the Configuration Storage server. | Select Windows authentication. |
    | Internal Network | For an explanation of how to define Internal networks, see ISA Server EE Appendix A: Adding Addresses to the Internal Network, later in this document. | • Click Add to specify the network address ranges. • Click Add Adapter. • Select one or more of the adapters that are connected to the Internal network. These addresses will be included in the Internal network that is defined by default for ISA Server. • Click OK, click OK, and then click Next. |
    | Services Warning | Review services that will be stopped and services that will be disabled if you continue. | Click Next. |
    | Ready to Install the Program | None | Click Install. |

  3. After the installation is complete, click Finish.

Note:
ISA Server Setup disables the Internet Connection Firewall (ICF). If you run the Microsoft Baseline Security Analyzer after installing ISA Server services, the following message can be ignored: