IAG 2007 SP2

Whale Communications Intelligent Application Gateway 2007 Service Pack 2

Contents
IAG 2007 SP2......................................................................................................................... ..1

Installing a trial version of IAG with Service Pack 2 as a virtual machine.................................2

Before you begin.................................................................................................... ...............3

Installing a Hyper-V role on the computer running Windows Server 2008................................3

Downloading the trial version VHD for IAG with SP2............................................................ ....4

Creating an IAG virtual machine....................................................................................... ........4

Creating virtual networks and binding them to the IAG virtual machine adapters.....................5

Connecting the hard disk to the IAG virtual machine....................................................... .........6

Converting the IAG virtual machine dynamic disk to a fixed virtual hard disk...........................7

Setting the IAG virtual machine to run automatically............................................ ....................8

Starting the IAG virtual machine.................................................................................. .............8

Configuring Windows settings for the IAG virtual machine...................................... .................8

Before you begin.................................................................................................... ...............9
Configuring Windows settings................................................................................. ..............9

Configuring remote management of the IAG virtual machine............................... ..................10

Configuring regional and language settings for the IAG virtual machine................................12

Adding the IAG virtual machine to a domain.......................................................................... .12

Installing a trial version of IAG with Service
Pack 2 as a virtual machine
The trial version of Whale Communications Intelligent Application Gateway (IAG) 2007 virtual
machine includes the Windows Server® 2003 R2 Standard Edition operating system, IAG
2007 SP2, and Microsoft Internet Security and Acceleration (ISA) Server 2006 SP1, which
acts as a network firewall.

Note:
Currently, IAG 2007 virtual machine is available as trial software only. The trial
expiration date of the copy that you install is noted in the end user license agreement
page that is displayed during the installation.

ISA Server complements secure application access with the ability to terminate Internet
Protocol security (IPsec) traffic and provide full content inspection in order to combat
undesirable software, such as spyware and malware threats.

Note:
ISA Server is used as a network firewall only; none of the other ISA Server features
are implemented in this setup. Unless specifically instructed to, you should not
change any of the default ISA Server settings.

This topic includes the following:

• Installing a Hyper-V role on the computer running Windows Server 2008

• Downloading the trial version VHD for IAG with SP2

• Creating an IAG virtual machine

• Creating virtual networks and binding them to the IAG virtual machine adapters

• Connecting the hard disk to the IAG virtual machine

• Converting the IAG virtual machine dynamic disk to a fixed virtual hard disk

• Setting the IAG virtual machine to run automatically

• Starting the IAG virtual machine

• Configuring Windows settings for the IAG virtual machine

• Configuring remote management of the IAG virtual machine

• Configuring regional and language settings for the IAG virtual machine

• Adding the IAG virtual machine to a domain

2
Before you begin
Before you begin, note the following:

• Make sure that the computer on which you are installing the IAG virtual machine
is enabled for virtualization in BIOS.

• Review the Hyper-V™ requirements at Windows Server 2008 Virtualization with

Hyper-V: FAQ (http://go.microsoft.com/fwlink/?LinkId=132908&clcid=0x409).

• As part of the installation process, you are required to activate your copy of
Windows with Microsoft. In order to activate Windows over the Internet, Dynamic
Host Configuration Protocol has to be used on the internal virtual network that you
select to use with IAG, and you must use one of the following IP address ranges:

• 10.0.0.0 through 10.255.255.255

• 172.16.0.0 through 172.31.255.255

• 192.168.0.0 through 192.168.255.255

To begin installing IAG as a virtual machine, see Installing a Hyper-V role on the computer
running Windows Server 2008.

Installing a Hyper-V role on the computer

running Windows Server 2008
The first step in installing IAG as a virtual machine is installing a Hyper-V role on the
computer running Windows Server 2008.

You can install the Hyper-V role either on a computer running a full installation of Windows
Server 2008 or on a computer running a Server Core installation of Windows Server 2008. It
is recommended that you install Hyper-V role on a computer that is running a Server Core
installation of Windows Server 2008. The following procedure applies to both installation
types.

To install the Hyper-V role on the computer running Windows Server 2008
1. Download the latest version of Hyper-V from Hyper-V Update for Windows Server 2008 x64
Edition (http://go.microsoft.com/fwlink/?LinkID=122395&clcid=0x409).

2. Follow the instructions described in Hyper-V Getting Started Guide

(http://go.microsoft.com/fwlink/?LinkID=122696&clcid=0x409).

3
 Downloading the trial version VHD for IAG
with SP2
Follow the instructions in this topic to download the trial version of the virtual hard disk (VHD)
of IAG 2007 with SP2.

To download the VHD of IAG with SP2

1. Access Evaluate Microsoft Whale Communications Intelligent Application Gateway 2007 with Service
Pack 2 (http://technet.microsoft.com/evalcenter/dd183099.aspx) on the TechNet Evaluation Center. In the
Select Your Language (Country) list, select a language, and then next to the language selection box, click
the right arrow.

2. Sign in to Windows Live™ ID, fill out the registration form, and then click the Continue button.

3. If you need only one product key, on the Product Keys page, copy the product key, and then click the
Download Now button.

If you need more than one product key, on the Product Keys page, copy the product key, click the Get an
Additional Product Key button to generate additional keys, and then click the Download Now button.

You are transferred to the Microsoft Download Center.

4. On the Microsoft Whale Communications Intelligent Application Gateway 2007 with Service Pack 2
page, click the Download button. On the File download dialog box, click the Save button, and then save the
IAG2007SP2-EVAL.VHD file on the computer on which you want to install the trial version of the IAG virtual
machine.

Creating an IAG virtual machine

After you have downloaded the VHD from the Microsoft Download Center, you can create a
virtual machine via the Hyper-V Manager and then connect it to the VHD you have
downloaded. The following procedure describes how you create a new virtual machine and
allocate memory for it.

If you installed the Hyper-V role on a computer running a Server Core installation of Windows
Server 2008, make sure you have Hyper-V Manager installed on the remote computer from
which you want to manage the Hyper-V role.

To create a new virtual machine

1. If you are connecting to Hyper-V Manager from the computer on which the Hyper-V role is installed, click
Start, click Administrative Tools, and then click Hyper-V Manager.

If you are connecting from a remote computer, on the remote computer, do the following:

4
 a. Click Start, click Administrative Tools, click Hyper-V Manager.

b. On the Hyper-V Manager menu, click Action, and then click Connect to Server.

c. At a command prompt, type the following, and then press ENTER:

cmdkey

Use the instructions displayed in order to add the credentials for the computer running the Hyper-V role. For
example:

cmdkey /add:<Hyper-V Server> /user:<Hyper-V Server>\administrator /pass:password

d. On the Select Computer dialog box, click Another Computer, and then type the name of the
computer to which you want to access remotely.
2. On the Hyper-V Manager window, in the Action pane, click New, and then click Virtual machine. The
New Virtual Machine Wizard opens.

3. If the Before You Begin page opens, click Next.

4. On the Specify Name and Location page, do the following, and then click Next:

a. In the Name box, type a name for the virtual machine. For example, IAG Virtual Machine.

b. To select a location other than the default location, select Store the virtual machine in a
different location, click Browse, and then select a new location.

5. On the Assign Memory page, in the Memory box, type the amount of memory that you want to allocate,
and then click Next.

Note:
The minimal requirement is: 2,048 megabytes.

6. On the Configure Networking page, do not change the settings, and then click Next.

7. On the Connect Virtual Hard Disk page, select Attach a virtual hard disk later, and then click Next.

8. On the completion screen, click Finish.

A new virtual machine is created.

Creating virtual networks and binding them

to the IAG virtual machine adapters
After you have created the IAG virtual machine, you need to create external virtual networks
and bind them to the physical network adapter so that physical computers can access a
physical network. You must create at least two external virtual networks: one for internal
physical network adapters and one for external physical network adapters.

5
 To create virtual networks and bind them to the virtual machine adapter
1. On the computer on which you want to install the IAG virtual machine, click Start, click Administrative
Tools, and then click Hyper-V Manager.

2. In the Hyper-V Manager window, in the Action pane, click Virtual Network Manager.

3. On the Virtual Network Manager page, in the Create Virtual Network group box, click External, and
then click Add.

4. On the Virtual Network Manager page, in the Connection Type group box, make sure that the External
button is selected.

5. In the list, click the adapter that will serve as the IAG external adapter.

6. In the New Virtual Network group box, in the Name box, enter a logical name for this adapter, and then
click Apply.

7. Repeat steps 3 though 6 in order to add the adapter that will serve as the IAG internal adapter.

8. In the Hyper-V Manager window, in the Actions pane, click Settings.

9. On the Settings for virtual machine page, in the tree, click Add Hardware, click Network Adapter, and
then click Add.

10. In the Network Adapter group box, in the Network list, click the virtual network that you want to connect
to the server on which the virtual machine is running, and then click Apply.

There must be at least two network adapters: one representing the external IAG network adapter and one
representing internal IAG network adapters. One network adapter is defined when you create the IAG virtual
machine in Creating an IAG virtual machine. If necessary, repeat step 10 to create additional network adapters.

Connecting the hard disk to the IAG virtual

machine
To connect the hard disk to the virtual machine and configure disk attributes, perform the
following procedure.

To connect the hard disk to the virtual machine

• Follow the instructions in the "To add a hard disk to a virtual machine" procedure in Configuring Disks
and Storage (http://go.microsoft.com/fwlink/?LinkId=122894&clcid=0x409).

When you reach step 7, click Browse, select the .vhd file that you downloaded in Downloading the trial version
VHD for IAG with SP2, click Open, and then click Apply.

Important:
Before you complete the procedure and perform the final step, on the Settings for virtual machine page,

6
 do the following:

• In the Processor group box, click Processor, and then in the Number of logical processors
list, click 2.

• If there is more than one virtual machine running on your Hyper-V virtualization platform, in the
Resource control group box, in the Virtual machine reserve (percentage) box, type 100.

Converting the IAG virtual machine

dynamic disk to a fixed virtual hard disk
The IAG virtual machine is available in a dynamic disk with logical disk space of 35 gigabytes.

It is recommended that you convert the dynamic disk to a fixed virtual hard disk, because it
may improve performance.

To convert the IAG virtual machine dynamic disk to a fixed virtual hard disk
1. In the Hyper-V Manager window, in the left navigation pane, click the Hyper-V server, and then in the
Actions pane, click Edit Disk.

2. In the Edit Virtual Hard Disk Wizard, on the Locate Virtual Hard Disk page, click Browse, and then
select the .vhd file of the IAG virtual machine that you have downloaded. Click Open, and then click Next.

3. On the Choose Action page, click the Convert button, and then click Next.

4. On the Convert Virtual Hard Disk page, type a name for the fixed virtual hard disk.

If you want to change the default location, click Browse, select a new location, and then click Save.

When you are finished on this page, click Next.

5. On the completion page, click Finish.

The conversion may take a few minutes to complete.

6. In the Hardware navigation page, click the previous hard drive (IDE Controller 0), and then click the
Remove button.

7. On the Settings for virtual machine page, click Add, and then click Browse. Select the file that you
created in step 4, and then click Open. On the Settings for virtual machine page, click OK.

7
Setting the IAG virtual machine to run
automatically
You can set the virtual machine to run automatically every time the computer on which it is
installed is started.

To set the virtual machine to run automatically

• In the Hyper-V Manager window, in the Actions pane, click Settings.

• On the Settings for virtual machine page, in the left navigation pane, click Automatic Start
Action, click Always start this virtual machine automatically, and then click OK.

Starting the IAG virtual machine

Starting the virtual machine is like flipping the power switch in a physical appliance. If you
performed the procedure in Setting the IAG virtual machine to run automatically, the virtual
machine starts automatically every time the server on which it is installed is started.

To start the virtual machine manually

1. In the Hyper-V Manager window, in the machines list, click the virtual machine, and then, in the
Actions pane, click Connect.

2. In the Hyper-V Manager window, on the menu, click the Start icon.

Configuring Windows settings for the IAG

virtual machine
The first time you start the IAG virtual machine, the Windows® Mini-Setup wizard starts
automatically.

The Windows Mini-Setup wizard starts the first time a computer starts from a hard disk that
has been duplicated. The wizard gathers any information that is needed for the newly
duplicated hard disk.

For the IAG virtual machine to be usable, you must configure Windows settings by using the
Windows Mini-Setup wizard.

8
 Before you begin
To efficiently configure Windows settings, make sure that you have the following information.

Parameter Description

Computer name This is the computer name to be used for the appliance.
Make sure that the name is not already in use on the
network. It should be 15 characters or less, and it should
contain only letters and numbers.

Administrator password During setup, you specify an administrator password for

the appliance.

Note:
The password must conform with security
requirements; it must have at least eight
characters that are a mixture of uppercase and
lowercase letters, numbers, and non-
alphanumeric characters (for example, !, $, #,
%).

Product key Obtained during download of trial software. For details,

see Downloading the trial version VHD for IAG with SP2.

As part of the configuration process, you are required to activate your copy of Windows with
Microsoft. In order to activate Windows over the Internet, Dynamic Host Configuration
Protocol (DCHP) has to be used on the internal virtual network that you defined in Creating
virtual networks and binding them to the IAG virtual machine adapters, and you must use one
of the following one of the following IP address ranges:

• 10.0.0.0 through 10.255.255.255

• 172.16.0.0 through 172.31.255.255

• 192.168.0.0 through 192.168.255.255

In cases where DHCP is not used or where DHCP is used with a different IP address range,
you need to telephone a customer service representative in order to activate Windows.

Configuring Windows settings

To configure Windows settings
1. On the Welcome to the Windows Setup Wizard page, click Next.

9
 2. On the Your Product Key page type the product key and then click Next.

3. On the Computer Name and Administrator Password page, do the following, and then click
Next:

a. In the Computer name box, type the computer name you recorded.

b. In the Administrator password box, type the administrator password you recorded.

c. In the Confirm password box, type the administrator password again.

The appliance performs some final tasks and then automatically restarts.

4. Restart the virtual machine, and then log on with the administrator password you specified.

5. On the Windows Product Activation dialog box, click the Yes button, and then on the Let's
activate Windows dialog box, select one of the following options for activating Windows:

• To activate Windows over the Internet, click Yes, let's activate Windows over the
Internet now, and then click the Next button. Proceed to step 6 of this procedure.

• If you cannot activate Windows over the Internet, click Yes, I want to telephone a
customer service representative to activate Windows, click the Next button, and then
follow the instructions to activate Windows. After Windows activation is complete, proceed
to step 8 of this procedure

6. On the Register with Microsoft? dialog box, select whether to register your copy of Windows
with Microsoft during activation, and then click the Next button.

7. On the Configure your network settings dialog box, select the option that is relevant to your
Internet connection, and then, if required, enter the address and port number of the proxy server.
Click the Next button, and then on the Thank You! dialog box, click the OK button.

8. A script runs to initialize the IAG virtual machine. This may take a few minutes.

You do not need to take any action; the initialization continues. The setup script continues in order to
complete the server hardening and ISA Server configuration. When the script completes, the virtual
machine restarts.

Configuring remote management of the

IAG virtual machine
You may want to administer IAG from another computer. Remote administration can be
performed by using Terminal Services Remote Desktop in order to create a Remote Desktop
Protocol (RDP) connection to the IAG virtual machine. IAG is configured by default to allow a
single concurrent Remote Desktop Connection. To configure remote management by using
RDP, you need to install an RDP client on the computer to be used for remote management,

10
 enable Remote Desktop on the appliance, and modify ISA Server access rules in order to
allow RDP access. Complete the following procedures in order to configure RDP access to
the virtual machine.

To configure RDP access to the virtual machine

• On the computer you want to use for remote management, check that Remote Desktop is
installed.

On computers running Windows Server 2003 and Windows XP, Remote Desktop is installed by
default. If it is not installed, run Windows Setup, and add it as an additional component. For
computers running other operating systems, to download the Remote Desktop Connection
software, see Results for - "RDP client"
(http://go.microsoft.com/fwlink/?LinkId=124013&clcid=0x409) at the Microsoft Download Center,
and then select your operating system from the list of results.

To allow remote connections on the virtual machine

1. Click Start, click Control Panel, and then double-click System.

2. On the System Properties page, on the Remote tab, select Enable Remote Desktop on
this computer.

ISA Server has a predefined computer set that specifies all of the computers allowed to
remotely manage the appliance. This predefined computer set is used in a number of system
policy rules in ISA Server. These rules allow access to and from the appliance running ISA
Server. To set up remote access, you must add the computer you want to use for remote
management to this set, as described in the following procedure.

To set remote access to ISA Server

1. Click Start, click All Programs, click Microsoft ISA Server, and then click ISA Server
Management.

2. Expand Microsoft Internet Security and Accelerating Server 2006, expand Server Name,
and then click Firewall Policy.

3. On the Toolbox tab, click Network Objects.

4. Expand Computer Sets, and then double-click Remote Management Computers.

5. On the Remote Management Computers Properties dialog box, click Add, and then select
Computer.

6. On the New Computer Rule Element dialog box, type the name of the computer, in
Computer IP Address, enter the IP address of the remote computer, and then in the Description
box, provide an optional description. On the New Computer Rule Element dialog box, click OK.

7. On the Remote Management Computers Properties dialog box, click OK.

11
8. On the Apply Changes bar, click the Apply button, and then on the Saving Configuration
Changes dialog box, click OK.

Configuring regional and language settings

for the IAG virtual machine
Before beginning to configure the IAG virtual machine, you may want to configure regional
and language settings.

To configure regional and language settings

1. Click Start, click Control panel, and then click Regional and Language Options.

2. On the Regional and Language Options page, click the Customize Regional Options
button. On the Date and Time tab, make the necessary adjustments.

3. On the Regional and Language Options page, click the Keyboards and Languages tab,
and then make the necessary adjustments. Click OK.

Adding the IAG virtual machine to a

domain
The following are tasks for which IAG must be part of a domain:

• Enabling Kerberos constrained delegation

• Enabling File Access

• Using integrated Windows authentication

• To add the IAG virtual machine to a domain, perform the following procedure.

To add the IAG virtual machine to a domain

1. Click Start, right-click My Computer, and then click Properties.

2. On the Computer Name tab, click Change.

3. In the Member of group box, click the Domain button, and then in the text box, type the domain
name.

12
If the appliance will remain in workgroup mode, you can modify the name of the workgroup if required.

13