Embed Size (px)
DESCRIPTION
Installing and Maintaining ISA Server 2006. Planning an ISA Server Deployment. Understand the current network infrastructure . Review company security policies . Plan the required network infrastructure . Plan for branch office installations . Plan for availability and fault tolerance . - PowerPoint PPT Presentation
Citation preview
1
Installing and Maintaining ISA Server 2006
2
Planning an ISA Server Deployment• Understand the current network infrastructure.• Review company security policies.• Plan the required network infrastructure.• Plan for branch office installations.• Plan for availability and fault tolerance.• Plan for access to the Internet.• Plan the ISA Server client implementation and
deployment.• Plan for server publishing.• Plan for VPN deployment.• Plan the implementation.
3
Network infrastructure
External interface connects to the InternetInternal interface connects
to internal network
4
Network Infrastructure Requirements
• DNS• Domain controllers• DHCP
5
Domain Name System Requirements
• To connect to resources on the Internet.• To enable access to Internet resourcesUse:• Internal DNS Server• External DNS Server
6
Domain Controller Requirements
• Restrict access to Internet resources based on user accounts
• Require authentication before users can access published servers
• ISA Server 2006 provides several options for authenticating the users.
7
Dynamic Host Configuration Protocol Requirements
• DHCP is not required to support an ISA Server infrastructure!
• is highly recommended to simplify network management.
• The advantage of using DHCP is that it can provide the IPconfiguration for all the client computers on your network automatically. This can make your ISA Server deployment much more efficient.
8
Operating System Requirements
Component Requirement
OS Windows Server 2003 with SP1 or higher
Processor Single 733MHz Pentium III equivalent
Memory 512MB of memory
Disk Space 150MB available (for installation of ISA software)
Network Cards / ISDN Adapter / Modem
One OS-compatible card per connected network
9
Choosing an ISA Server Client
ISA Server Client Options• Firewall clients• SecureNAT clients• Web Proxy clients
10
What Is a Firewall Client?
Install Firewall client
Use the Firewall Client application when initiating connections to the ISA Server computer!
11
Advantages of using Firewall client
• Firewall clients enable user or group based access control and logging.
• When a Firewall client connects to ISA Server, the Firewall service automatically authenticates the user.
• The Firewall Client software can configure the Web Proxy browser automatically.
12
Disadvantages of using Firewall client
• Must install the Firewall Client software on the client computers.
• A large number of client computers in organization and have no means of automating the client installation, it will require a significant effort to deploy the client.
• The Firewall client can only be installed on Windows computers.
13
What is a SecureNAT Client?
14
What is a SecureNAT Client?
• Do not have Firewall Client software.• Configure the default gateway on the
SecureNAT clients and configure network routing, so that all traffic destined to the Internet is sent through the ISA Server computer.
15
Advantages of using SecureNAT Client
• SecureNAT clients also provide almost as much functionality as Firewall clients.
• Requests from SecureNAT clients can be passed to application filters, which can modify the requests to enable handling of complex protocols.
• SecureNAT can use the Web Proxy service for Web access filtering and caching.
• Any operating system that supports Transmission Control Protocol/Internet Protocol.
• (TCP/IP) can be configured as a SecureNAT client.
16
Advantages of using SecureNAT Client
• Can not control access to Internet resources based on users and groups
• SecureNAT clients may not be able to use all protocols.
17
Example
How to configure the client computers route Internet requests to the ISA Server computer?
18
What Is a Web Proxy Client?
19
What Is a Web Proxy Client?
• A Web Proxy client is a client computer that has an HTTP 1.1–compliant Web browser application and is configured to use the ISA Server computer as a Web Proxy server.
• Do not have to install any software to configure Web Proxy clients.
• Must configure the Web applications on the client computers to use the ISA Server computer as a proxy server.
20
Guidelines for Choosing ISA Server Clients
If You Need To Then UseAvoid deploying or configuring
client software
SecureNAT clients
Use ISA Server only for accessing
Web resources using HTTP or
HTTPS
SecureNAT or Web Proxy clients
Allow access only for
authenticated clients
Firewall clients or Web Proxy clients
Publish servers that are located
on your Internal network
SecureNAT clients
Improve Web performance in an
environment with non-Windows
operating systems
Web Proxy or SecureNAT clients
21
Maintaining ISA Server 2006
• Export the ISA Server Configuration.• Import the ISA Server Configuration.• Back Up the ISA Server Configuration.• Restore the ISA Server Configuration.
22
How to Export and Import the ISA Server Configuration
• Cloning a server• Saving a partial configuration.• Sending a configuration fo troubleshooting.• Rolling back a configuration change.
23
How to Install ISA 2006
24
How to Install ISA 2006
Add Internal Network adress
Add Internal Network adress
25
ISA Server 2006
26
How to Export and Import the ISA Server Configuration
27
How to Export and Import the ISA Server Configuration
28
How to Export and Import the ISA Server Configuration
