Installing and Maintaining ISA Server 2006 1 Planning an ISA Server Deployment • • • • • • • Understand the current network infrastructure. Review company security policies. Plan the required network infrastructure. Plan for branch office installations. Plan for availability and fault tolerance. Plan for access to the Internet. Plan the ISA Server client implementation and deployment. • Plan for server publishing. • Plan for VPN deployment. • Plan the implementation. 2 Network infrastructure Internal interface connects to internal network External interface connects to the Internet 3 Network Infrastructure Requirements • DNS • Domain controllers • DHCP 4 Domain Name System Requirements • To connect to resources on the Internet. • To enable access to Internet resources Use: • Internal DNS Server • External DNS Server 5 Domain Controller Requirements • Restrict access to Internet resources based on user accounts • Require authentication before users can access published servers • ISA Server 2006 provides several options for authenticating the users. 6 Dynamic Host Configuration Protocol Requirements • DHCP is not required to support an ISA Server infrastructure! • is highly recommended to simplify network management. • The advantage of using DHCP is that it can provide the IPconfiguration for all the client computers on your network automatically. This can make your ISA Server deployment much more efficient. 7 Operating System Requirements Component Requirement OS Windows Server 2003 with SP1 or higher Processor Single 733MHz Pentium III equivalent Memory 512MB of memory Disk Space 150MB available (for installation of ISA software) Network Cards / ISDN Adapter / Modem One OS-compatible card per connected network 8 Choosing an ISA Server Client ISA Server Client Options • Firewall clients • SecureNAT clients • Web Proxy clients 9 What Is a Firewall Client? Install Firewall client Use the Firewall Client application when initiating connections to the ISA Server computer! 10 Advantages of using Firewall client • Firewall clients enable user or group based access control and logging. • When a Firewall client connects to ISA Server, the Firewall service automatically authenticates the user. • The Firewall Client software can configure the Web Proxy browser automatically. 11 Disadvantages of using Firewall client • Must install the Firewall Client software on the client computers. • A large number of client computers in organization and have no means of automating the client installation, it will require a significant effort to deploy the client. • The Firewall client can only be installed on Windows computers. 12 What is a SecureNAT Client? 13 What is a SecureNAT Client? • Do not have Firewall Client software. • Configure the default gateway on the SecureNAT clients and configure network routing, so that all traffic destined to the Internet is sent through the ISA Server computer. 14 Advantages of using SecureNAT Client • SecureNAT clients also provide almost as much functionality as Firewall clients. • Requests from SecureNAT clients can be passed to application filters, which can modify the requests to enable handling of complex protocols. • SecureNAT can use the Web Proxy service for Web access filtering and caching. • Any operating system that supports Transmission Control Protocol/Internet Protocol. • (TCP/IP) can be configured as a SecureNAT client. 15 Advantages of using SecureNAT Client • Can not control access to Internet resources based on users and groups • SecureNAT clients may not be able to use all protocols. 16 Example How to configure the client computers route Internet requests to the ISA Server computer? 17 What Is a Web Proxy Client? 18 What Is a Web Proxy Client? • A Web Proxy client is a client computer that has an HTTP 1.1–compliant Web browser application and is configured to use the ISA Server computer as a Web Proxy server. • Do not have to install any software to configure Web Proxy clients. • Must configure the Web applications on the client computers to use the ISA Server computer as a proxy server. 19 Guidelines for Choosing ISA Server Clients If You Need To Then Use Avoid deploying or configuring client software SecureNAT clients Use ISA Server only for accessing Web resources using HTTP or HTTPS SecureNAT or Web Proxy clients Allow access only for authenticated clients Firewall clients or Web Proxy clients Publish servers that are located on your Internal network SecureNAT clients Improve Web performance in an environment with non-Windows operating systems Web Proxy or SecureNAT clients 20 Maintaining ISA Server 2006 • • • • Export the ISA Server Configuration. Import the ISA Server Configuration. Back Up the ISA Server Configuration. Restore the ISA Server Configuration. 21 How to Export and Import the ISA Server Configuration • • • • Cloning a server Saving a partial configuration. Sending a configuration fo troubleshooting. Rolling back a configuration change. 22 How to Install ISA 2006 23 How to Install ISA 2006 Add Internal Network adress 24 ISA Server 2006 25 How to Export and Import the ISA Server Configuration 26 How to Export and Import the ISA Server Configuration 27 How to Export and Import the ISA Server Configuration 28