One or more Microsoft Internet Security and Acceleration (ISA)
Server 2006 computers can be grouped into an array of servers.
When an array includes multiple servers, the member servers
communicate with each other for one or more of the following
functions:
CARP. The Cache Array Routing Protocol (CARP)
effectively combines the cache drives of all member servers into a
single logical cache. To accomplish this, the member servers
forward requests to each other.
VPN. Member servers inform the other servers when a VPN
tunnel exists, so that the array can route applicable traffic to
the appropriate tunnel; that is, to the server that "owns" the
tunnel.
Configuration Storage server. If the Configuration
Storage server is installed on one of the member servers, the other
member servers will access that server.
The intra-array address is the address used when the member
servers communicate with each other.
The intra-array address is automatically configured during
setup. You can subsequently modify the intra-array address for each
member server. For instructions, see Configure intra-array
address.
A default system policy, named Allow intra-array
communications, allows intra-array communication. It allows communication
using the MS Firewall Control and RPC (all
interfaces) protocols to and from all members of the Array
Servers computer set. By default, the Array Servers computer set
includes the intra-array address, configured at setup, of each
member server.
Intra-array address vs. FQDN
Although each member server can be uniquely identified by its
fully qualified domain name (FQDN), the intra-array address is
critical for intra-array communication for the following
reasons:
Each member server may have more than one network adapter.
However, sensitive intra-array traffic should be carried only on
specific, trusted network adapters. By specifying an intra-array
address, you designate the specific network adapter that carries
intra-array communication.
When the array is configured to use Network Load Balancing
(NLB), the NLB-bound adapter should not be used for intra-array
traffic. By specifically limiting the intra-array address, you
avoid the conflict between the NLB-bound address and the
intra-array address.
Intra-array traffic should not be subject to quota
restrictions. By specifying the intra-array address, you can
identify the intra-array traffic, and not subject it to these
restrictions.
Tips and hints
Follow these guidelines when configuring the intra-array address
for a server:
If NLB is not configured for the array, specify the intra-array
address as the primary IP address of the first network adapter on
the Internal network.
If NLB is configured for the array, use a dedicated network
adapter that is located on the Internal network, for intra-array
traffic. A different network adapter, also located on the Internal
network, should be used for NLB.
For maximum security, use a dedicated network adapter in a
network used only for intra-array communication (that is, a
network that includes only the intra-array addresses used by the
other member servers).
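The guidelines above can be checked mechanically against an adapter inventory. The following is an added example, not part of the original documentation or of ISA Server: it audits each member server's intra-array address against the NLB and Internal-network rules and against the Array Servers computer set.
Assumptions: the inventory dictionaries, the sample addresses, the function names and the trusted_networks parameter (which lets a dedicated intra-array network be named) are all hypothetical.

```python
import ipaddress

# Constructed inventory for an NLB-enabled array (not exported from a real array).
SAMPLE_ARRAY = [
    {"name": "isa1", "intra_array": "10.0.1.11", "adapters": [
        {"network": "Internal", "nlb": True, "ips": ["10.0.0.11"]},
        {"network": "Internal", "nlb": False, "ips": ["10.0.1.11"]}]},
    {"name": "isa2", "intra_array": "10.0.0.12", "adapters": [
        {"network": "Internal", "nlb": True, "ips": ["10.0.0.12"]},
        {"network": "Internal", "nlb": False, "ips": ["10.0.1.12"]}]},
    {"name": "isa3", "intra_array": "192.0.2.13", "adapters": [
        {"network": "External", "nlb": False, "ips": ["192.0.2.13"]},
        {"network": "Internal", "nlb": True, "ips": ["10.0.0.13"]}]},
]
# Constructed contents of the Array Servers computer set.
SAMPLE_ARRAY_SERVERS = ["10.0.1.11", "10.0.0.12"]

def audit_member(server, nlb_enabled, array_servers, trusted_networks=("Internal",)):
    """Return findings for one member server; an empty list means compliant."""
    addr = ipaddress.ip_address(server["intra_array"])
    # Find the adapter that carries the intra-array address.
    owner = next((a for a in server["adapters"]
                  if addr in map(ipaddress.ip_address, a["ips"])), None)
    if owner is None:
        return ["intra-array address is not bound to any adapter"]
    findings = []
    if owner["network"] not in trusted_networks:
        findings.append("intra-array address is on untrusted network %r" % owner["network"])
    if nlb_enabled and owner["nlb"]:
        findings.append("intra-array address is on the NLB-bound adapter")
    if not nlb_enabled and owner["network"] == "Internal":
        # Without NLB: primary IP of the first adapter on the Internal network.
        first = next(a for a in server["adapters"] if a["network"] == "Internal")
        if addr != ipaddress.ip_address(first["ips"][0]):
            findings.append("not the primary IP of the first Internal adapter")
    if addr not in {ipaddress.ip_address(a) for a in array_servers}:
        findings.append("intra-array address missing from Array Servers computer set")
    return findings

def audit_array(servers, nlb_enabled, array_servers, trusted_networks=("Internal",)):
    """Audit every member; returns {server name: [findings]}."""
    return {s["name"]: audit_member(s, nlb_enabled, array_servers, trusted_networks)
            for s in servers}

if __name__ == "__main__":
    for name, findings in audit_array(SAMPLE_ARRAY, True, SAMPLE_ARRAY_SERVERS).items():
        print(name, findings or "OK")
```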