Microsoft ISA (Internet Security and Acceleration) Server 2000 is part of the .NET Enterprise Servers product family. For more info on .NET follow this LINK
The product replaces Microsoft Proxy Server 2.0, but offers much, much more in terms of functionality. This article aims to give the reader an overview of these features.
ISA Server 2000 is a fully extensible, enterprise level internet gateway. It combines roles previously assigned to separate products such as firewall, proxy server and Web caching. Although you have the ability to mix and match these features within ISA Server to suit your environment. So if you've already spend a lot of time and money on a dedicated firewall solution, then you could disable the firewall functionality within ISA Server.
ICSA Labs, who are highly respected in the heady world of Internet Security, has certified Microsoft ISA Server 2000 as a secure enterprise firewall. ICSA certification is the de facto standard for firewalls, and this certification therefore sends out a clear message to Microsoft's customers that ISA Server 2000 is an Enteprise class product, capable of taking on the traditional market leaders in Internet Security.
Overview of Features
The main features of ISA Server 2000 can be divided into the following categories:
Internet Connectivity and Security
ISA Server includes the following firewall and security features:
- Intrusion detection: ISA Server is configurable to detect and alert you against specific attacks
- Outgoing access policy: Use policies and rules to control how clients access the Internet. This can be done by using both Sites and Content rules and Protocol rules.i.e. whether a particular protocol is enabled/disabled for inboard/outboard traffic and also which particular sites/content are allowed/not allowed.
- System Security Wizard: Lock down Windows 2000 by using pre-defined security templates.
- Application Filters: Configure filters to control application specific traffic such as HTTP. FTP, SMTP etc....
- VPN Support: Intergrates with Virtual Private Networking (VPN) services in Windows 2000
ISA Server includes several Web caching features in order to increase access times and therefore productivity to content, these are as follows:
- Hierarchical caching: This allows you to set up a series and ISA Servers, such that a client will access the cached content that is geographically nearest to them.
- Reverse caching: HTTP and FTP content can be cached from publishing servers, improving access times
- Scheduled caching: Commonly requested content can be updated on a schedule from the Internet.
ISA Server allows you to publish both content and applications via series of rules. This means you can make both content and applications avaiable to specific clients, without the need to make configuration changes on the publishing server(s).
The fact the ISA Server offers both firewall and Web cache feature sets means that both of these can be managed from a single point, whereas traditionally these would be managed seperately. ISA Server uses a policy-based administration tool which makes management far less complex than in traditional products.
Being part of the .NET Platform, ISA Server is extensible via XML and comes with an API for programmatically managing it.
ISA Server, Enterprise Edition
As with many Microsoft products, ISA Server comes in two flavours, Standard and Enterprise. ISA Server 2000, Enterprise Edition offers the following additional features over the Standard Product:
- Multiserver arrays: This gives you the ability to effectively cluster and load balance serveral ISA Servers for increased performance and fault tolerance.
- Two levels of policy management: Policies can be applied at both the array and enterprise level. This allows you to configure ALL ISA servers within your organisation using one policy, if required.
- No restriction on number of processors. ISA Server, Standard Edition is limited to 4 processors.
For more information on ISA Server 2000, visit the following LINK