2 Installing and Maintaining Isa Server 2006

8/13/2019 2 Installing and Maintaining Isa Server 2006

1/28

1

Installing and Maintaining ISA

Server 2006


2/28

2

Planning an ISA Server Deployment

Understand the current network infrastructure.

Review company security policies.

Plan the required network infrastructure.

Plan for branch office installations.

Plan for availability and fault tolerance.

Plan for access to the Internet.

Plan the ISA Server client implementation and

deployment. Plan for server publishing.

Plan for VPN deployment.

Plan the implementation.


3/28

3

Network infrastructure

External interface

connects to the InternetInternal interface connects

to internal network


4/28

4

Network Infrastructure Requirements

DNS

Domain controllers

DHCP


5/28

5

Domain Name System Requirements

To connect to resources on the Internet.

To enable access to Internet resources

Use: Internal DNS Server

External DNS Server


6/28

6

Domain Controller Requirements

Restrict access to Internet resources based on

user accounts

Require authentication before users can

access published servers

ISA Server 2006 provides several options for

authenticating the users.


7/28

7

Dynamic Host Configuration Protocol

Requirements

DHCP is not required to support an ISA Serverinfrastructure!

is highly recommended to simplify network

management. The advantage of using DHCP is that it can

provide the IPconfiguration for all the client

computers on your network automatically.This can make your ISA Server deploymentmuch more efficient.


8/28

8

Operating System Requirements

Component Requirement

OS Windows Server 2003 with SP1 or

higher

Processor Single 733MHz Pentium III

equivalent

Memory 512MB of memory

Disk Space 150MB available (for installation ofISA software)

Network Cards / ISDN

Adapter / Modem

One OS-compatible card per

connected network


9/28

9

Choosing an ISA Server Client

ISA Server Client Options

Firewall clients

SecureNAT clients Web Proxy clients


10/28

10

What Is a Firewall Client?

Install

Firewall

client

Use the Firewall Client application

when initiating connections to the ISA

Server computer!


11/28

11

Advantages of using Firewall client

Firewall clients enable user or group based

access control and logging.

When a Firewall client connects to ISA Server,

the Firewall service automatically

authenticates the user.

The Firewall Client software can configure the

Web Proxy browser automatically.


12/28

12

Disadvantages of using Firewall client

Must install the Firewall Client software on theclient computers.

A large number of client computers in

organization and have no means ofautomating the client installation, it willrequire a significant effort to deploy the client.

The Firewall client can only be installed onWindows computers.


13/28

13

What is a SecureNAT Client?


14/28

14

What is a SecureNAT Client?

Do not have Firewall Client software.

Configure the default gateway on the

SecureNAT clients and configure network

routing, so that all traffic destined to the

Internet is sent through the ISA Server

computer.


15/28

15

Advantages of using SecureNAT Client

SecureNAT clients also provide almost as muchfunctionality as Firewall clients.

Requests from SecureNAT clients can be passed to

application filters, which can modify the requeststo enable handling of complex protocols.

SecureNAT can use the Web Proxy service for Webaccess filtering and caching.

Any operating system that supports TransmissionControl Protocol/Internet Protocol.

(TCP/IP) can be configured as a SecureNAT client.


16/28

16

Advantages of using SecureNAT Client

Can not control access to Internet resources

based on users and groups

SecureNAT clients may not be able to use all

protocols.


17/28

17

Example

How to configure the

client computers route

Internet requests to the

ISA Server computer?


18/28

18

What Is a Web Proxy Client?


19/28

19

What Is a Web Proxy Client?

A Web Proxy client is a client computer thathas an HTTP 1.1compliant Web browserapplication and is configured to use the ISA

Server computer as a Web Proxy server. Do not have to install any software to

configure Web Proxy clients.

Must configure the Web applications on theclient computers to use the ISA Servercomputer as a proxy server.


20/28


21/28

21

Maintaining ISA Server 2006

Export the ISA Server Configuration.

Import the ISA Server Configuration.

Back Up the ISA Server Configuration. Restore the ISA Server Configuration.


22/28

22

How to Export and Import the ISA

Server Configuration

Cloning a server

Saving a partial configuration.

Sending a configuration fo troubleshooting. Rolling back a configuration change.


23/28

23

How to Install ISA 2006


24/28

24

How to Install ISA 2006

Add Internal

Network adress


25/28

25

ISA Server 2006


26/28

26




27/28

27




28/28

28



Documents

2 Installing and Maintaining Isa Server 2006