Microsoft's ISA Server (Internet Security and Acceleration Server) is the successor to Microsoft's Proxy Server 2.0 (see proxy server) and is part of Microsoft's .NET support. ISA Server provides the two basic services of an enterprise firewall and a Web proxy/cache server. ISA Server's firewall screens all packet-level, circuit-level, and application-level traffic. The Web cache stores and serves all regularly accessed Web content in order to reduce network traffic and provide faster access to frequently-accessed Web pages. ISA Server also schedules downloads of Web page updates for non-peak times.
ISA Server allows administrators to create policies for regulating usage based on user, group, application, destination, schedule, and content type criteria. ISA Server is designed to work with Windows 2000 and later operating systems and to take advantage of Windows' Kerberos security. ISA Server includes a software development kit (SDK).
ISA Server comes in two editions, Standard Edition and Enterprise Edition. Standard Edition is a stand-alone server that supports up to four processors. Enterprise Edition is for large-scale deployments, server array support, multi-level policy, and computers with more than four processors. Licenses are based on the number of processors.
ISA Server allows administrators to create policies for regulating usage based on user, group, application, destination, schedule, and content type criteria. ISA Server is designed to work with Windows 2000 and later operating systems and to take advantage of Windows' Kerberos security. ISA Server includes a software development kit (SDK).
ISA Server comes in two editions, Standard Edition and Enterprise Edition. Standard Edition is a stand-alone server that supports up to four processors. Enterprise Edition is for large-scale deployments, server array support, multi-level policy, and computers with more than four processors. Licenses are based on the number of processors.
ISA Server carries new terms that need to be understood before attempting product deployment on the network.
- Array – a group of ISA computers that are located close together, for example a department, office, and region. There are two types of arrays:
Domain Arrays – that use Active Directory. A domain array can encompass computers located within a single domain.Independent Arrays
– allow storage of information not in the Active Directory, but in a
local configuration database. This array is mainly used in NT 4.0 based
networks.
- Rule – with rules, the system administrator can set up a series of protocols to govern sites, contents, protocols, and IP packet filters.
-
Array policy – a set of rules that define the array policy. Such a policy can be applied to any specific (and single) array.
- Enterprise policy – enterprise-level policies contain similar rules to those established in array policies but they are applied to multiple arrays.
ISA Server supports many more functions than its predecessor. The following options are available with this new product:
-
Firewall – the Firewall client is an extension to the ISA Server that features an enhanced set of functions allowing it to compete with other similar products available on the IT market. With Firewall client, Active Directory can be supported from Windows 2000 (or the SAM databases from NT). These are used to provide specific security functions at user or group level. This feature is not supported by a majority of third-party products that use either separate user databases or IP addressing. Firewall functions are enhanced to support so called stateful packet inspection, i.e. a solution for improved security where data packets passing through the firewall are intercepted and analyzed at either a protocol or connectivity level.
-
Policy-based administration – ISA Server lets the administrators manage using predefined policy rules. Policies can include a set of consistent rules regarding users, groups of users, protocols etc. A specific policy may apply to a single array or globally, to the whole enterprise. For businesses that use networks with Active Directory enhancements, multi-tiered enterprise policies are those that match their needs to have a comprehensive IT system, to facilitate management of the entire enterprise and its infrastructure.
-
Virtual Private Network Support – ISA Server provides an easy solution to create VPN – based networks. The wizards supplied with ISA Server help to configure VPN tunneling and may activate the RRAS service if not already initialized.
-
Dynamic IP filtering – depending on the security policy used, an enterprise can dynamically open firewall ports for authorized Internet users on a session-by-session basis. This considerably simplifies the administrator’s duties in situations where there are applications that frequently change ports though they communicate with each other.
-
IDS (Intrusion Detection System) – Microsoft has equipped the ISA Server with an Intrusion Detection System. This module had been purchased from Internet Security Systems, the leading developer in these IT solutions. Thus, ISA offers out-of-box support for preventing several types of attacks including WinNuke, Ping of Death, Land, UDP bombs, POP Buffer Overflow, Scan Attack. Once an attack has been detected and identified, ISA may decide either to disable the attack or notify administrators about the event.
-
Web Cache – ISA Server provides fast Web caching performance. Administrators are allowed to automatically refresh frequently requested www pages on reverse and scheduled caching basis.
-
Reports – the major point of contrast between ISA and its predecessor i.e. Proxy Server 2.0 is that ISA features numerous report generating possibilities. By scheduling report generation connected. for example, with the users’ actions or security related events, managing ISA Server based networks is a simple task.
-
Gatekeeper H.323 – this component allows ISA Server to manage IP telephony calls or H.323-based VoIP applications (for example Microsoft NetMeeting 3.0). The DNS SRV record must be registered in order to have gatekeeper enabled.
-
Client Deployment – with SecureNAT (Network Address Translation) feature, ISA Server delivers to clients and servers a transparent and secure access to the Internet with no need to configure extra software on client machines. SecureNAT allows monitoring of all traffic in ISA Server.
Therefore,
instead of being a simple product improvement, Microsoft Internet
Security and Acceleration Server fills a gap in the range of this type
of products available at the Redmond colossus and is trying to jump
aggressively into the mass market sector associated with Web security
and fast Web access. The new potential implemented in ISA Server is
expected to allow Microsoft to compete effectively in this business
area.
It
should be noted that Microsoft’s engineers carefully integrate all
products together to bring the Company’s vision of a .NET platform to
businesses.
The minimum hardware requirements recommended by Microsoft for this product are:
- 300MHz or higher Pentium II compatible CPU,
- 256 MB of RAM,
- 2 GB hard-disk space on NTFS formatted partition,
- 200 MB of available hard-disk space for installation.
ISA Server requires a computer running Windows 2000 upgraded to Service Pack 1 or greater.
Problems
with insufficient server capacity may occur with this type of
configuration. Thus, for various ISA Server usage scenarios, the
hardware should be adequately strengthened.
If
ISA Server is to be used as a firewall, one will need to consider how
powerful the CPU should be in terms of throughput requirements.
Throughput requirements
|
Recommended CPU
|
Pentium II 300 MHz – 500 MHz
| |
From 25 Mbyte/s to 50 Mbyte/s
|
Pentium III 550 MHz or better
|
More than 50 Mbyte/s
|
Pentium III 550 MHz or better for each 50Mb
|
Obviously
these values can only be used as a reference when planning the ISA
Server’s hardware to meet the expected load. This may vary in function
or various usage scenarios (such as the type of transmitted data).
In
case ISA Server is to be deployed as a Forward Cache, in addition to an
adequate CPU capacity consider also requirements for RAM and high free
disk space available for caching purposes.
Number of users
|
Recommended processor
|
Minimal RAM capacity (Mb)
|
Recommended disk space allocated for caching
|
Up to 250
|
Pentium II 300 MHz
|
256
|
4 GB
|
250 – 2000
|
Pentium III 550 MHZ
|
256
|
10 GB
|
More than 2000
|
Pentium III 550 MHz for every 2,000 users
|
256 for every 2000 users
|
10 GB for every 2,000 users
|
Secure
Internet Access is one of the fundamental features provided by ISA
Server. It is increasingly necessary to improve security tools and check
users that access the network from outside, especially in a situation
where the Global Web is vulnerable to outside interference from viruses,
trojan horses or hacker attacks. One
may also wish to improve security to monitor network users and protect
the network from potential Internet threats. To face this challenge and
provide solutions for a broad landscape of users, Microsoft has
implemented three types of clients in ISA Server:
- Firewall clients – all computers that have Firewall Client software installed and active,
- SecureNat clients – all computers that do not have Firewall Client software installed,
- Web Proxy clients – all Web browser clients are configured to use ISA Server.
About ISA server installation
Useful information, your blog is sharing unique information.keep it up.
ReplyDeleteFacility Management Software in UAE
Best Facility Management software in Abu Dhabi
Facility Management software company in UAE
Best FM software company in UAE
Top FM software company in Abu Dhabi
Really Wonderful stuff. Keep on posting related topics. ISO 22301
ReplyDeleteThanks for sharing this post, its really nice.
ReplyDeleteISO 20000 Certification Cost
Really nice and informative..I found this blog very useful. ISO 20000 Certification UAE
ReplyDeleteThanks you for sharing this unique useful information content with us. Really awesome work... ISO 14001 Lead Auditor Course Saudi
ReplyDeleteIt is really very helpful for us and I have gathered some important information from this blog... ISO Lead Auditor Course in Oman
ReplyDelete
ReplyDeleteAwesome Article thanks for share your valuable information and you are a restaurant owner build your business with features of our Multi restaurant delivery software
Multi restaurant delivery software