Understanding IAG 2007

There are many people that still having doubts about IAG and why IAG 2007 has the ISA Server 2006 on the same box. To understand that let’s see the diagram below:

 

Figure 1 – Software layer that involved on the way that IAG 2007 Server handles the traffic.

 

This figure shows the main components that are used on an IAG 2007 box and the processing order. Let’s see what it happens:

1. When the client workstation sends the HTTP GET Request while accessing the IAG portal the first thing that will happen is traffic hitting the NIC and the OS processing that.

2. Then ISA Server filter engine will intercept that traffic and see if that traffic is allowed or not.

3. Assuming that the traffic is allowed, the destination HTTP Server that will process the GET Request is the IIS Server. The IIS will see that who is supposed to handle this traffic is an ISAPI Filter/extension that is loaded on the site.

4. The ISAPI filter/extension loaded on the site is from IAG 2007 application. At this point, IAG will process the request according to the configuration policy that it has.

 

Note: By definition ISAPI extensions are DLLs that handle specific requests and ISAPI filters are DLLs that you can register with IIS to modify the behavior of the server. For IAG both functions are performed by WhlFilter.dll.

 

This is the basic flow that we are going to have when we are processing a request on an IAG 2007 Server. Based on that there are some common questions about those components working together:

 

Question: I know that there are problems when you have IIS and ISA Server on the same computer. How this work with IAG?

Answer: That’s true, but the IAG uses the ISA Server only as a firewall, the publishing rules are not created on ISA Server. Since ISA Server will not publish the pages (IAG will) you don’t need to worry about resource allocation problems.

 

Question: Since we have this dependency, this means that IAG will stop if IIS stops?

Answer: Yes, it will. IAG relies on IIS, in another word: if the inetinfo.exe process hangs, leak or crash the IAG will suffer the pain too.

 

 

Question: Can I create rules on ISA, publish other stuff on it?

Answer: Well, you can but it is not recommended to touch on the ISA Server that is installed on the IAG box. This ISA Server should not be used as another point of publishing, web proxy or caching. You should have another ISA Server in a separate box to do that.

 

Question: Can I create my web sites on the IIS that is located on the IAG box?

Answer: Yes, you can, but there are some caveats:

· You have to add the IIS web site on the IAG Application Server Configuration to make sure that IAG will not delete the web site from the IIS when it saves the configuration.

· On the performance standpoint you should be careful to not start to use your IAG box as a web server. If you think that you will then it is strongly recommended to use another IIS Server to do that.

 

Question: With the integration between those products, what happens when I create new trunk, publish the application and activate the changes?

Answer: What happen (broadly speaking) is:

· IAG Configuration is saved

· IAG Creates the site on IIS (for new trunk)

· IAG deletes IIS sites (if it the trunk was deleted or disabled)

· Rules are created on ISA Server

 

 

Figure 2 – The integration between the components.