Embed Size (px)
Citation preview
Module 9:Configuring ISA Server
for the Enterprise
Overview
Introducing ISA Server Enterprise Edition
Installing ISA Server in the Enterprise
Using Enterprise Policies and Array Policies
Managing Network Connections
Scaling ISA Server
Extending and Automating ISA Server Functionality
Introducing ISA Server Enterprise Edition
Benefits of ISA Server Enterprise Edition
Using ISA Server Enterprise Edition
Benefits of ISA Server Enterprise Edition
ScalabilityScalabilityScales ISA Server functionality by using arrays, symmetric multiprocessing, Network Load Balancing, and CARP.
Scales ISA Server functionality by using arrays, symmetric multiprocessing, Network Load Balancing, and CARP.
Distributed and Hierarchical
Caching
Distributed and Hierarchical
CachingEnhances caching performance and fault tolerance. Enhances caching performance and fault tolerance.
Active DirectoryActive Directory
Tiered Policy Tiered Policy
Contains configuration and policy information and used to apply access controls to users and groups. Contains configuration and policy information and used to apply access controls to users and groups.
Enables you to create policies at both the array and enterprise level. Enables you to create policies at both the array and enterprise level.
Using ISA Server Enterprise Edition
ISA Management
Action View
Configure enterpriseInternet Security and Acceleration ServerTree
You can create one or more enterprise policies that can be applied to arrays. At the enterprise level, you control whether additional rules can be created at the array level.
Use this taskpad to configure how the enterprise policy affects the array policy.
Servers and Arrays: Array Description Type Mode Created Applied Enterprise Po
LONDON Array Integrated 1/4/2001 7:19… Enterprise Policy 1PERTH Array Integrated 1/4/2001 7:52… Enterprise Policy 1VANCOUVER Array Integrated 1/4/2001 7:33… Enterprise Policy 1
Welcome Servers and Arrays Enterprise Backup Monitoring Help
Configure EnterprisePolicies
Configure EnterprisePolicy Default Settings
Set Enterprise Policy for the Selected Array
Set Defaults…Back Up…Restore…View
RefreshExport List…Properties
Help
Installing ISA Server in the Enterprise
Installing ISA Server Schema in Active Directory
Using Arrays
Installing ISA Server in an Array
Creating and Deleting Arrays in ISA Management
Promoting a Stand-Alone Server
Maintaining Enterprise Configurations
Installing ISA Server Schema in Active Directory
Select an option to configure enterprise policy.
OK Cancel
Specify how to apply the enterprise policy at the array level. Afterinstallation, you can modify these settings for any array in the enterprise.
When applying enterprise policy:
Use array policy only
Use this enterprise policy:
ISA Enterprise Initialization
Enterprise Policy 1
Also allow array-level access policy rules that restrict enterprise policy
Allow publishing rules
Force packet filtering on the array
Using Arrays
Guidelines for Setting Up Arrays
Configuration Settings for Arrays
Permissions Required for Adding Arrays
Installing ISA Server in an Array
Run SetupRun Setup
Install ISA Server as an ArrayInstall ISA Server as an Array
Create and Name ArrayCreate and Name Array
Select an Enterprise Policy Setting Select an Enterprise Policy Setting
Select Custom Policy SettingsSelect Custom Policy Settings FinishFinishFinishFinish
StartStartStartStart
Creating and Deleting Arrays in ISA Management
Creating New Arrays
Deleting Arrays
Promoting a Stand-Alone Server
Migrating Policy Settings
Promoting a Stand-Alone Server
Maintaining Enterprise Configurations
ISA Management
Action View
Configure enterpriseInternet Security and Acceleration ServerTree
You can create one or more enterprise policies that can be applied to arrays. At the enterprise level, you control whether additional rules can be created at the array level.
Use this taskpad to configure how the enterprise policy affects the array policy.
Servers and Arrays: Array Description Type Mode Created Applied Enterprise Po
LONDON Array Integrated 1/4/2001 7:19… Enterprise Policy 1PERTH Array Integrated 1/4/2001 7:52… Enterprise Policy 1VANCOUVER Array Integrated 1/4/2001 7:33… Enterprise Policy 1
Welcome Servers and Arrays Enterprise Backup Monitoring Help
Configure EnterprisePolicies
Configure EnterprisePolicy Default Settings
Set Enterprise Policy for the Selected Array
Set Defaults…Back Up…Restore…View
RefreshExport List…Properties
Help
Backup Enterprise Configuration
Store backup configuration in this location:
OK Cancel
Browse…
Comment:
Restore Enterprise Configuration
Restore configuration from the following backup (.BEF) file:
Cancel
Browse…
OKOKOKOK
Using Enterprise Policies and Array Policies
Configuring an Enterprise Policy
Configuring an Array Policy
Combining Enterprise Policies and Array Policies
Configuring an Enterprise Policy
Using Enterprise Policy Elements
Setting a Default Enterprise Policy
Changing Default Settings for the Enterprise Policy
Applying an Enterprise Policy to Selected Arrays
Configuring an Array Policy
Configuring the Cache for an Array
Forcing Packet Filtering for an Array
Allowing Publishing Rules in an Array
Configuring Server-Specific Settings in ISA Server
Combining Enterprise Policies and Array Policies
LONDON Properties
General
OK Cancel
Use array policy onlyUse array policy only
Apply
Specify whether enterprise policies should be enabled for this array. Then, select the enterprise policy you want to apply.
Allow publishing rules
Force packet filtering on the array
Outgoing Web Requests Incoming Web RequestsPolicies Auto Discovery Performance Security
Use default enterprise policy settings
Use custom enterprise policy settings
Use this enterprise policy:
Enterprise Policy 1
Allow array-level access rules that restrict enterprise policy
Select this option to allow array-level settings.
Managing Network Connections
Routing Overview
Configuring Routing for Web Proxy Client Requests
Configuring Routing for Firewall Client and SecureNAT Client Requests
Automatic Discovery Overview
Configuring Automatic Discovery
Configuring Clients for Automatic Discovery
Customizing Client Discovery Information
Routing Overview
Corporate OfficeCorporate Office
Overseas Branch OfficeOverseas Branch Office
ISA ServerISA Server
Overseas ISPOverseas ISP
Array 1Array 1
Array 2Array 2
Array 3Array 3
Local Requests
Configuring Routing for Web Proxy Client Requests
Name the RuleName the Rule
Select a Destination Set Select a Destination Set
Specify a Request ActionSpecify a Request Action
Configure Primary RoutingConfigure Primary Routing
Configure Backup RoutingConfigure Backup Routing
Configure Cache RetrievalConfigure Cache Retrieval
StartStartStartStart
FinishFinishFinishFinishConfigure Cache StorageConfigure Cache Storage
Configuring Routing for Firewall Client and SecureNAT Client Requests
Network Configuration Properties
Firewall Chaining
OK Cancel
Use this page to specify how requests from Firewall and SecureNat clients are forwarded to upstream servers.
To route requests to upstream servers:
Use primary connection
Apply
Chain to this computer:
Use dial-up entryUse dial-up entry
LONDON Browse…
Use this account: NWTRADERS\Admin
Use dial-up entryUse dial-up entry
Set Account…
Select Server or Array
Select one from the following servers:
OK Cancel
Domain Name Typenwtraders.msft LONDON Server
Set Account
Use this following account:
User:
Password:
Confirm password:
LONDON\Administrator Browse…
OK Cancel
Automatic Discovery Overview
Client contacts DNS or DHCP server for ISA Server information.
11WPAD entry on DHCP or DNS Server points to the ISA Server.
22
Client retrieves configuration information from ISA Server.
33
DNS or DHCPServer
DNS or DHCPServer
Client forwards Internet requests to ISA Server based on configuration information.
44
Alias Name FQDNWPAD isa.domain.msft
ISA Serverisa.domain.msft
ISA Serverisa.domain.msft
ClientClient
Configuring Automatic Discovery
Configuring ISA Server for Automatic Discovery
Configuring a DNS Server for Automatic Discovery
Configuring a DHCP Server for Automatic Discovery
Configuring Clients for Automatic Discovery
Setting Automatic Discovery for Firewall Clients
Setting Automatic Discovery for Internet Explorer
Customizing Client Discovery Information
Customizing Settings for Web Proxy Clients
Customizing Settings for Firewall Clients
Scaling ISA Server
Understanding CARP
Configuring CARP
Understanding Network Load Balancing
Understanding CARP
InternetInternet
array.dll?Get.Info.v1
Web Proxy ClientWeb Proxy Client
Server 2Server 2
Server 1Server 1
Server 3Server 3
Server 4Server 4
Server 5Server 5
Server 1Server 2Server 3Server 4Server 5
Array Membership ListArray Membership List
Configuring CARPLONDON Properties
OK Cancel
Add…Add…
Apply
General Outgoing Web Requests Incoming Web RequestsPolicies Auto Discovery Performance Security
Use the same listener configuration for all internal IP addresses.
Configure listeners individually per IP address
Identification
Enable SSL listeners
Server IP Address Display N… Authentic… Server C…LONDON <All inter… Integrated
RemoveRemove Edit…Edit…
TCP port: 8080
SSL port: 8443
Configure…Ask unauthenticated users for identification
Resolve requests within array before routing
ConnectionsConnection settings
Select to enable CARP.
LONDON Properties
OK Cancel Apply
General Array Memberships
Use this IP address for intra-array communication:Intra-array communication
131 . 107 . 3 . 1 Find…
Specify the load factor for this server. This number indicates the relative cache availability of this server compared to the rest of the array members:
Load Factor
100
Type a number to set the load factor.
Understanding Network Load Balancing
InternetInternet
Cache
Cache
ISA Server ArrayISA Server Array
Published ServerPublished Server
Cache
Extending and Automating ISA Server Functionality
Automating Administration Tasks
Extending Functionality By Using Filters
Automating Administration Tasks
Using the ISA Server SDK
Extending ISA Management
Managing Cache Content
Adding Custom Events and Alerts
Extending Functionality By Using Filters
Creating Application Filters
Creating Web Filters
Lab A: Configuring ISA Server for the Enterprise
Review
Introducing ISA Server Enterprise Edition
Installing ISA Server in the Enterprise
Using Enterprise Policies and Array Policies
Managing Network Connections
Scaling ISA Server
Extending and Automating ISA Server Functionality
