Installing and Maintaining ISA Server 2006

advertisement
Installing and Maintaining ISA
Server 2006
1
Planning an ISA Server Deployment
•
•
•
•
•
•
•
Understand the current network infrastructure.
Review company security policies.
Plan the required network infrastructure.
Plan for branch office installations.
Plan for availability and fault tolerance.
Plan for access to the Internet.
Plan the ISA Server client implementation and
deployment.
• Plan for server publishing.
• Plan for VPN deployment.
• Plan the implementation.
2
Network infrastructure
Internal interface connects
to internal network
External interface
connects to the Internet
3
Network Infrastructure Requirements
• DNS
• Domain controllers
• DHCP
4
Domain Name System Requirements
• To connect to resources on the Internet.
• To enable access to Internet resources
Use:
• Internal DNS Server
• External DNS Server
5
Domain Controller Requirements
• Restrict access to Internet resources based on
user accounts
• Require authentication before users can
access published servers
• ISA Server 2006 provides several options for
authenticating the users.
6
Dynamic Host Configuration Protocol
Requirements
• DHCP is not required to support an ISA Server
infrastructure!
• is highly recommended to simplify network
management.
• The advantage of using DHCP is that it can
provide the IPconfiguration for all the client
computers on your network automatically.
This can make your ISA Server deployment
much more efficient.
7
Operating System Requirements
Component
Requirement
OS
Windows Server 2003 with SP1 or
higher
Processor
Single 733MHz Pentium III
equivalent
Memory 512MB of memory
Disk Space
150MB available (for installation of
ISA software)
Network Cards / ISDN
Adapter / Modem
One OS-compatible card per
connected network
8
Choosing an ISA Server Client
ISA Server Client Options
• Firewall clients
• SecureNAT clients
• Web Proxy clients
9
What Is a Firewall Client?
Install
Firewall
client
Use the Firewall Client application
when initiating connections to the ISA
Server computer!
10
Advantages of using Firewall client
• Firewall clients enable user or group based
access control and logging.
• When a Firewall client connects to ISA Server,
the Firewall service automatically
authenticates the user.
• The Firewall Client software can configure the
Web Proxy browser automatically.
11
Disadvantages of using Firewall client
• Must install the Firewall Client software on the
client computers.
• A large number of client computers in
organization and have no means of
automating the client installation, it will
require a significant effort to deploy the client.
• The Firewall client can only be installed on
Windows computers.
12
What is a SecureNAT Client?
13
What is a SecureNAT Client?
• Do not have Firewall Client software.
• Configure the default gateway on the
SecureNAT clients and configure network
routing, so that all traffic destined to the
Internet is sent through the ISA Server
computer.
14
Advantages of using SecureNAT Client
• SecureNAT clients also provide almost as much
functionality as Firewall clients.
• Requests from SecureNAT clients can be passed to
application filters, which can modify the requests
to enable handling of complex protocols.
• SecureNAT can use the Web Proxy service for Web
access filtering and caching.
• Any operating system that supports Transmission
Control Protocol/Internet Protocol.
• (TCP/IP) can be configured as a SecureNAT client.
15
Advantages of using SecureNAT Client
• Can not control access to Internet resources
based on users and groups
• SecureNAT clients may not be able to use all
protocols.
16
Example
How to configure the
client computers route
Internet requests to the
ISA Server computer?
17
What Is a Web Proxy Client?
18
What Is a Web Proxy Client?
• A Web Proxy client is a client computer that
has an HTTP 1.1–compliant Web browser
application and is configured to use the ISA
Server computer as a Web Proxy server.
• Do not have to install any software to
configure Web Proxy clients.
• Must configure the Web applications on the
client computers to use the ISA Server
computer as a proxy server.
19
Guidelines for Choosing ISA Server
Clients
If You Need To
Then Use
Avoid deploying or configuring
client software
SecureNAT clients
Use ISA Server only for accessing
Web resources using HTTP or
HTTPS
SecureNAT or Web Proxy
clients
Allow access only for
authenticated clients
Firewall clients or Web Proxy
clients
Publish servers that are located
on your Internal network
SecureNAT clients
Improve Web performance in an
environment with non-Windows
operating systems
Web Proxy or SecureNAT
clients
20
Maintaining ISA Server 2006
•
•
•
•
Export the ISA Server Configuration.
Import the ISA Server Configuration.
Back Up the ISA Server Configuration.
Restore the ISA Server Configuration.
21
How to Export and Import the ISA
Server Configuration
•
•
•
•
Cloning a server
Saving a partial configuration.
Sending a configuration fo troubleshooting.
Rolling back a configuration change.
22
How to Install ISA 2006
23
How to Install ISA 2006
Add Internal
Network adress
24
ISA Server 2006
25
How to Export and Import the ISA
Server Configuration
26
How to Export and Import the ISA
Server Configuration
27
How to Export and Import the ISA
Server Configuration
28
Download