The perfect combination of security and speed: Microsoft Internet Security and Acceleration Server 2000
TRANSCRIPT
The perfect combination of security and speed
Microsoft Internet Security and Acceleration Server 2000
Agenda
Product overview
Firewall
Cache
Deployment scenarios
Management
Extensibility
New opportunities, new challenges
Opportunities:
Connect your customers, partners and employees over the network
E-commerce on the Web brings new business opportunities to your enterprise
Turn a resource-limited intranet into a network that merges into the Internet
Challenges:
The network is exposed to every hacker, virus and unauthorized user
Competition is fierce; your Web site must deliver fast, reliable service
Managing such a network demands more advanced skills
Microsoft ISA Server 2000: the perfect combination of security and speed
Secure network connectivity: protect the network environment with a scalable, multi-layered firewall
Fast Web access: a scalable, high-performance Web cache
Unified management: robust policy and management integrated with Windows 2000
Extensible open platform: an advanced platform that can be extended and customized
Firewall & Cache
Both belong at the network edge, that is, at the point where the networks join
Modular installation
Unified management: MMC, logging and reporting, monitoring and alerting
Consistent access policy
Low training and maintenance cost
Tight integration with Windows 2000
Security: packet filtering; network address translation (NAT & SecureNAT); authentication; system hardening; virtual private networking (VPN)
Management: MMC; Terminal Services; Event log; Active Directory (array configuration and policy data; NOT required!)
Bandwidth control
Transparent support for clients and servers on other platforms
Much More Than “Proxy Server 3.0”
Transparency for all clients and servers
Enterprise policy
Group policy
Schedules
Active Directory integration
Extensible application filters
SMTP filter
Streaming media splitting
H.323 filter & Gatekeeper
MMC-based UI
Task Pads, wizards
Remote administration
Configuring Exchange server behind firewall
IIS separation
RAM caching
New cache store
Scheduled content download
VPN integration
Intrusion detection
System hardening
NTLM & Kerberos authentication
Dual-hop SSL
Customizable alerts
Logging: W3C format, selectable fields
Integrated reporting
Bandwidth control
New APIs
Modular installation
ISA Server 2000 editions
ISA Server Standard Edition
ISA Server Enterprise Edition
What Is ISA Server 2000: ISA system requirements
Processor: 300 MHz or higher Pentium II compatible
Operating System: Microsoft Windows 2000 Server or Advanced Server with SP2 or higher
Memory: 256 MB of RAM
Hard Disk: 20 MB of available hard drive space; an available NTFS partition; 4-8 MB for each proxy client
Other: to implement the array and advanced configuration policies on the Enterprise edition you also need Windows Active Directory on the network
Microsoft ISA Server 2000 Standard Edition vs. Enterprise Edition feature comparison
Feature (Standard Edition / Enterprise Edition)
Server deployment: single server / centralized management of multiple servers
Policy support: local server / server array
Hardware support: 4 CPUs / unlimited
Web cache scalability: suited to small businesses / suited to medium and large enterprises
Distributed and hierarchical caching: hierarchical only / both, with unified management
Windows 2000 Active Directory integration: limited / full
Multi-tier policy: no / yes
Multi-server management: no / yes
Small Organization (diagram: Internet, ISA Server)
Large Enterprise (diagram: Internet, ISA Server; firewall & cache, managed together)
DMZ & Secure Publishing (diagram: Internet, ISA #1, DMZ #1, ISA #2, Intranet)
Chaining (diagram: a Branch ISA Server connected over a leased line or VPN connection to the Main office ISA Server Array, which connects to the Internet)
Firewall
Protect the network environment with a scalable, multi-layered firewall
Why use a firewall?
Protect yourself from attacks by hackers, viruses and unauthorized users
Control outbound Internet access
Protect web servers and email servers
More secure data access
Protect critical data and information - and - manage information access
Firewall basics (note)
What is a firewall; the seven-layer and four-layer models
Packet filtering (IP/IP extension): static, dynamic, stateful inspection
Application proxy (App.): example
Circuit-level gateway (TCP): Socks vs. Winsock Proxy
NAT: NAT categories
ISA Server's firewall: packet-, circuit- and application-level traffic monitoring
Stateful inspection examines traffic in its context; reduces the risk of unauthorized access; analyze or modify content with “smart” application filters
Integrated intrusion detection: based on technology licensed from Internet Security Systems (ISS)
Secure publishing: protect servers accessible to the outside world
System hardening: “lock down” the operating system, further strengthening security
Integrated with Windows 2000 VPN: wizard for easy configuration
ISA Server – Microsoft’s Firewall: ISA Server Architecture (diagram elements: Web Proxy Client, Secure NAT Client, Firewall Client on the Local Area Network; Web Proxy Service and Firewall Service; Web Filter; Packet Filtering; Third Party Filter, Streaming Filter, SMTP Filter, H.323 Filter, FTP Filter; Cache; NAT Driver; HTTP Redirector; Internet)
Intrusion Detection
Additional Security Features
VPN integration: integrated with Windows 2000 VPN; wizard for easy configuration
System hardening wizard: “lockdown” for the operating system; three pre-defined levels
Secure publishing: SSL bridging; encrypted tunneling
ISA Server – Microsoft’s Firewall: defining rules for Outgoing Requests
Protocol Rules: who may use which protocol, to reach what, and when? Default: No access
Site and Content Rules: who may reach which sites and content, and when? Default: All access
Configuration demo
Both kinds of rule are required for Internet access
Using bandwidth control
ISA Server – Microsoft’s Firewall (omitted): defining rules for Incoming Requests
Server Publishing Rules: redirect traffic for an external address / port to an internal address
Web Publishing Rules: redirect Web requests only; can redirect to multiple internal Web sites; can choose port for redirection; can perform SSL bridging
ISA Server – Microsoft’s Firewall: Firewall Planning (continued)
Scaling: arrays; Network Load Balancing (NLB); DNS round robin
Perimeter Network Requirements
Firewall Design: No External Access Required (diagram: Internet, Firewall, Internal Network)
Firewall Design: Screened Host (diagram: Internet, Firewall, Internal Network, Screened Host)
Firewall Design: Three-Homed Perimeter Network Design (diagram: Internet, Firewall, Perimeter Network, Internal Network)
Firewall Design: Back-to-Back Perimeter Network Design (diagram: Internet, Firewall, Perimeter Network with Web Server, Firewall, Internal Network)
Miscellaneous Configuration: Authentication (configuration tips)
Firewall Clients: user-based, automatic; requires client software, Win32 clients only, TCP and UDP only
SecureNAT Clients: by IP address; no client software, all platforms, all protocols
How to Ping!
Miscellaneous Configuration: Authentication (continued)
Web Proxy client: by user (logged-on user or authentication dialog box); need to configure browser, etc.; need to configure authentication methods: Basic, Digest, Integrated, Certificates
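How the outgoing-request rules above combine with the three client types is easiest to see as code. The following evaluator is an added illustration, not ISA Server code: it models protocol rules (default no access), site and content rules (with a stand-in for the default "Allow rule" that makes them default to all access), schedules, and the fact that a user-based condition can only ever match a Firewall or Web Proxy client, because a SecureNAT client is known by IP address alone. The rule names, addresses, users and timestamps are constructed for the example.

```python
from dataclasses import dataclass
from datetime import datetime
from ipaddress import ip_address, ip_network
from typing import Dict, FrozenSet, List, Optional, Tuple


@dataclass(frozen=True)
class Request:
    src_ip: str
    protocol: str                          # "HTTP", "HTTPS", "IRC", ...
    dest_host: str
    when: datetime
    user: Optional[str] = None             # None: SecureNAT client, known by IP only
    groups: FrozenSet[str] = frozenset()


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                                      # "allow" or "deny"
    protocols: Optional[FrozenSet[str]] = None       # None: any protocol
    dest_suffixes: Optional[FrozenSet[str]] = None   # None: any destination
    principals: Optional[FrozenSet[str]] = None      # users/groups; None: anyone
    client_nets: Optional[FrozenSet[str]] = None     # CIDR strings; None: any address
    work_hours_only: bool = False                    # schedule: Mon-Fri 08:00-17:59


def in_work_hours(when: datetime) -> bool:
    return when.weekday() < 5 and 8 <= when.hour < 18


def matches(rule: Rule, req: Request) -> bool:
    """True when every condition on the rule applies to the request."""
    if rule.protocols is not None and req.protocol not in rule.protocols:
        return False
    if rule.dest_suffixes is not None and not any(
        req.dest_host == s or req.dest_host.endswith("." + s)
        for s in rule.dest_suffixes
    ):
        return False
    if rule.work_hours_only and not in_work_hours(req.when):
        return False
    if rule.client_nets is not None and not any(
        ip_address(req.src_ip) in ip_network(n) for n in rule.client_nets
    ):
        return False
    if rule.principals is not None:
        # A user/group condition needs an authenticated identity. A SecureNAT
        # client never presents one, so a user-based rule can never match it.
        if req.user is None:
            return False
        if req.user not in rule.principals and not (req.groups & rule.principals):
            return False
    return True


def evaluate(protocol_rules: List[Rule], site_rules: List[Rule],
             req: Request) -> Tuple[str, str]:
    """Return (decision, reason). A matching deny rule in either set wins;
    otherwise a protocol rule AND a site and content rule must both allow."""
    for rule in protocol_rules + site_rules:
        if rule.action == "deny" and matches(rule, req):
            return "deny", f"denied by rule '{rule.name}'"
    if not any(r.action == "allow" and matches(r, req) for r in protocol_rules):
        return "deny", "no protocol rule allows this request (default: no access)"
    for rule in site_rules:
        if rule.action == "allow" and matches(rule, req):
            return "allow", f"protocol rule and site rule '{rule.name}' both allow"
    return "deny", "no site and content rule allows this destination"


# Constructed sample policy. The last site rule stands in for ISA's default
# "Allow rule", which is why site and content access defaults to "all".
PROTOCOL_RULES = [
    Rule("Web for staff", "allow", protocols=frozenset({"HTTP", "HTTPS"}),
         principals=frozenset({"Staff"}), work_hours_only=True),
    Rule("Kiosk HTTP", "allow", protocols=frozenset({"HTTP"}),
         client_nets=frozenset({"10.0.5.0/24"})),
    Rule("No IRC", "deny", protocols=frozenset({"IRC"})),
]
SITE_RULES = [
    Rule("Block gambling", "deny", dest_suffixes=frozenset({"casino.example"})),
    Rule("Allow rule (default)", "allow"),
]

MON = datetime(2001, 3, 5, 10, 0)    # a Monday, within work hours
SAT = datetime(2001, 3, 10, 10, 0)   # a Saturday
ALICE = dict(user="alice", groups=frozenset({"Staff"}))

SAMPLE_REQUESTS: Dict[str, Request] = {
    "staff_web":      Request("10.0.1.20", "HTTP", "www.example.com", MON, **ALICE),
    "staff_weekend":  Request("10.0.1.20", "HTTP", "www.example.com", SAT, **ALICE),
    "staff_gambling": Request("10.0.1.20", "HTTPS", "bet.casino.example", MON, **ALICE),
    "staff_irc":      Request("10.0.1.20", "IRC", "irc.example.net", MON, **ALICE),
    "securenat_web":  Request("10.0.1.30", "HTTP", "www.example.com", MON),
    "kiosk_web":      Request("10.0.5.7", "HTTP", "www.example.com", MON),
}


def decide_all() -> Dict[str, str]:
    return {name: evaluate(PROTOCOL_RULES, SITE_RULES, r)[0]
            for name, r in SAMPLE_REQUESTS.items()}


if __name__ == "__main__":
    for name, req in SAMPLE_REQUESTS.items():
        print(f"{name:16} {evaluate(PROTOCOL_RULES, SITE_RULES, req)}")
```

The "securenat_web" case is the practical caveat: the same browser request from a workstation without the Firewall client is denied, not because policy forbids it but because the only allow rule that fits is user-based. Client subnets that must stay SecureNAT need address-based rules such as "Kiosk HTTP".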
Miscellaneous Configuration: Intrusion Detection
Technology licensed from Internet Security Systems (ISS)
Monitors for a number of common attacks
Extensive options for alerting
You can develop your own custom intrusion detection rules
Miscellaneous Configuration: Server Hardening
Wizard applies security settings to make Windows 2000 Server even more secure
Reference documents are in the ISA installation directory
Miscellaneous Configuration: H.323 Gatekeeper
“Switchboard” for H.323 applications: NetMeeting, Voice over IP (VOIP), etc.
Caching
A scalable, high-performance Web cache
Why use a cache?
Faster browsing
Lower network bandwidth costs
Less load on web servers
More reliable data access
Increase performance - and - reduce costs
Cache Scenarios - Forward Proxy (diagram: Liz and John each send GET www.msnbc.com to ISA Server, which checks its Cache and sends GET www.msnbc.com on to the Internet)
Corpnet users connect to the internet via ISA
Cache Scenarios – Reverse Caching (diagram: Joe on the Internet requests “www.ms.com” and “www.ms.com/ISA”; DNS points him at ISA Server, whose Cache fronts the Web Server for /ISA on the Secure Network)
ISA Server looks like a Web server; internally it routes requests to multiple servers
ISA Server Caching Features
Web access acceleration: RAM caching (“hot content” served from RAM); an efficient cache mechanism minimizes disk I/O
Active caching
Scheduled content download
Distributed caching: Cache Array Routing Protocol (CARP)
Hierarchical caching
Hierarchical policy
NLB load balancing / DNS round robin
Automatic proxy server discovery
CARP on the Server (diagram: a Client sends GET www.foo.com to Server 1 of a three-server array; Server 1 asks the array member whose Cache owns the URL “Do you have www.foo.com?”, and the object is fetched from the Internet if needed)
CARP (Cache Array Routing Protocol)
Efficient: distributed cache; arrays scale linearly and balance load; no content is duplicated across servers; makes the most of cache size and cache hit rate
Reliable: fault-tolerant, self-tuning arrays; when servers are added or removed, content migration and reconfiguration are dynamic
Flexible: routing can be implemented on the server for best transparency, or on the client for maximum efficiency
System default settings
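The properties claimed for CARP above (no duplicated content, load that scales with the array, and minimal movement when membership changes) all follow from one idea: every member, and optionally every client, computes the same hash-based owner for a URL from the membership table alone. The block below is an added example demonstrating that principle (highest-score, or "rendezvous", hashing, which is what CARP is a form of); it is not ISA's implementation and does not use the exact hash function or load-factor arithmetic of the CARP specification. The server names, URLs and load factors are constructed.

```python
import hashlib
from collections import Counter
from typing import Dict, List, Optional


def member_score(url: str, member: str, load_factor: float = 1.0) -> float:
    """Combined hash of the URL and one array member's name. Every member
    computes the same scores for the same inputs, so no coordination is
    needed; a load factor > 1 makes a member win proportionally more URLs."""
    digest = hashlib.sha256(f"{member}\0{url}".encode()).digest()[:8]
    return int.from_bytes(digest, "big") * load_factor


def route(url: str, members: List[str],
          load_factors: Optional[Dict[str, float]] = None) -> str:
    """The array member that owns (caches) this URL: the highest score wins.
    Run on the server that received the request, or on a client holding the
    same membership table, the computation gives the same answer."""
    load_factors = load_factors or {}
    return max(members, key=lambda m: member_score(url, m, load_factors.get(m, 1.0)))


def ownership(urls: List[str], members: List[str]) -> Dict[str, str]:
    return {u: route(u, members) for u in urls}


def membership_change_report(urls: List[str], before: List[str],
                             after: List[str]) -> Dict[str, object]:
    """How much cached content changes hands when the array changes.
    Only URLs owned by a removed member, or newly won by an added member,
    move; everything else stays where it was."""
    old, new = ownership(urls, before), ownership(urls, after)
    moved = [u for u in urls if old[u] != new[u]]
    # A URL moving between two members present both before and after would
    # be needless churn; highest-score hashing never produces one.
    churn = [u for u in moved if old[u] in after and new[u] in before]
    return {
        "moved": len(moved),
        "churn_between_surviving_members": len(churn),
        "owners_after": Counter(new.values()),
    }


# Constructed sample workload: 10,000 distinct URLs on one site.
SAMPLE_URLS = [f"http://www.foo.com/page{i}.html" for i in range(10_000)]
THREE = ["Server 1", "Server 2", "Server 3"]
FOUR = THREE + ["Server 4"]

if __name__ == "__main__":
    print("owners with 3 members:", Counter(ownership(SAMPLE_URLS, THREE).values()))
    print("adding Server 4:", membership_change_report(SAMPLE_URLS, THREE, FOUR))
    print("losing Server 2:", membership_change_report(SAMPLE_URLS, THREE, ["Server 1", "Server 3"]))
```

Adding a fourth member moves roughly a quarter of the URLs, all of them to the new member; losing one member moves only that member's share, spread over the survivors. That is the "dynamic reconfiguration" the slide refers to, and it is also why a client-side routing script must see the same membership table as the servers: a stale table on the client sends requests to the wrong owner and the array starts caching duplicates.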
Hierarchical Caching (Chaining) (diagram: New York, Tokyo and London caches chained toward the Internet; ~50% traffic $avings over every WAN link)
NLB and ISA: firewall and proxy server clustering (diagram of two NLB clusters, ISA 1 and ISA 2 being members of both)
Internal NLB cluster: ISA-1 internal DIP 10.10.10.2, ISA-2 internal DIP 10.10.10.1, shared VIP 10.10.10.100
External NLB cluster: ISA-1 external DIP 128.1.1.2, ISA-2 external DIP 128.1.1.1, shared VIP 128.1.1.100
Configuring Caching: Cache Expiration
Frequently: cache is kept current, network performance may be degraded
Normally: cache is somewhat current, network performance is considered
Less Frequently: cache is less current, network performance is not degraded
Custom Settings
Configuring Caching: Active Caching & Negative Caching
Active caching enables ISA to fetch a new version of cached objects
Frequently: cache is kept current, network performance is degraded
Normally: network performance is considered when updating the cache
Less Frequently: cache is less current, network performance is not degraded
Configuring Caching: Advanced Cache Settings
Allows control over what content is cached: size of objects to cache; dynamic content; maximum URL cached in memory
Control what action to take with expired cache objects: return an error -or- return expired object
Configuring Caching: Adjusting Cache Size
(screenshot: LONDON Properties, Cache Drives tab; per drive: type, disk space, free space, cache size; total disk space (MB): 39064; maximum cache size (MB): 100; total maximum cache size (MB): 100)
Set in the properties of the server
Creates a .cdat file of equivalent size
4-8 MB for each client
Demonstration: Configure Caching
Enabling HTTP and FTP caching
Examining cache configuration
Allowing Internet access
Server Publishing
Publishing and Routing (Using Publishing And Routing)
Publishing rules publish internal sites to the external network; the “internal network” is defined by the Local Address Table (LAT)
A perimeter network in a three-homed design is, as far as ISA is concerned, an external network; traffic between two external networks requires routing to be configured
Use packet filters to keep routed traffic secure
Publishing and Routing (Using Publishing And Routing)
Server Publishing
Reverse Network Address Translation (NAT): maps the external network onto the internal network; packets received on the external NIC are forwarded to a specific port on an internal server
Mapping: different ports on the external NIC can map to different internal servers
Mainly used for servers other than WEB servers
Publishing and Routing: Web Publishing
Redirects requests received on the external NIC; can redirect for multiple sites; can redirect to internal or external sites
(diagram: requests from the Internet for www.microsoft.com/ and www.microsoft.com/isaserver/ reach ISA Server, which redirects / to www.internal.microsoft.com and /isaserver/ to isa.internal.microsoft.com on the Internal Network)
Publishing and Routing: Secure Web Publishing
The client connection terminates at the ISA Server computer; ISA Server can perform authentication; ISA Server needs the Web server certificate
What about the connection between ISA Server and the internal Web server?
SSL bridging: choice of HTTP-S, HTTP, or FTP
Publishing and Routing: Routing
Protocols other than TCP/UDP must be routed to communicate
External access to a three-homed perimeter network must use routing (external to external)
ISA enforces packet filtering on routed traffic
Note: packet filtering enhances security and increases performance
Warning: do not enable routing outside of ISA Server / keep ISA as the only router
ISA Server Configuration: Outgoing Traffic
Protocol rules and site and content rules
Packet filters: for protocols other than UDP or TCP, and for applications or services running on the ISA Server computer
Packet filters can override rules
ISA Server Configuration: Three-Homed Perimeter Network
Use routing with packet filtering for perimeter network servers; servers need routable IP addresses
Use publishing between perimeter network and internal network
ISA Server Configuration: Back-to-Back Perimeter Network
Use publishing rules to publish servers on the perimeter network to the Internet
Use publishing rules to publish servers on the internal network to the perimeter network
Each ISA Server requires a separate LAT
Demonstration: Server Publishing And Web Publishing
Creating a Server Publishing Rule
Creating a Web Publishing Rule
Miscellaneous Configuration: VPN Configuration
Three types of connections: access by remote users; connecting two networks; access to a remote VPN from the ISA-protected network
Wizards configure ISA Server and RRAS: ISA Server packet filters; RRAS configured as a VPN server
RRAS performs all VPN functions; may require additional configuration
Demonstration: VPN Configuration
Configuring a Local VPN
Configuring a Remote VPN
Reviewing VPN Configuration Settings
Management
Tiered policy and flexible management integrates with Windows 2000
Policy & Rules
Enterprise & array-level
Access control: by user/group; by application; by destination; by content type; by schedule
Bandwidth priorities
(screenshot: ISA Server namespace, Active policy: Access rules)
Task Pads and Wizards
Task Pads: the easy way to set up and maintain
Wizards: step-by-step for complex tasks
(screenshot: Common tasks)
Alerting
Flexible alert dispatch mechanism (diagram: Intrusion, System event and Violation feed the ISA Server alerting mechanism)
Logging, reporting, monitoring
Logging: packet log; session log
Reporting: daily summaries; popular reports
Monitoring: active connections; performance counters
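The logs above are written in W3C extended format with selectable fields, which is what makes them easy to process outside ISA. As an added example (not ISA code and not a real ISA log), the block below parses the self-describing #Fields header of a constructed W3C-format sample and runs two small detections over it: repeated policy denials per client, and bytes per user. Real ISA logs will carry a different field list, so the parser reads the names from the header instead of hard-coding them; the column names and log lines are constructed for the example.

```python
from collections import Counter, defaultdict
from typing import Dict, List, Optional

# Constructed sample in W3C Extended Log Format. The #Fields line names the
# columns; ISA lets the administrator select which fields are written, so a
# real log's field list will differ from this one.
SAMPLE_LOG = """\
#Software: constructed sample, not a real ISA Server log
#Version: 1.0
#Date: 2001-03-05 10:00:00
#Fields: date time c-ip cs-username cs-method cs-uri sc-status sc-bytes
2001-03-05 10:00:01 10.0.1.20 CORP\\alice GET http://www.example.com/ 200 1532
2001-03-05 10:00:05 10.0.1.20 CORP\\alice GET http://www.example.com/logo.gif 200 845
2001-03-05 10:01:10 10.0.1.30 - GET http://bet.casino.example/ 403 0
2001-03-05 10:01:12 10.0.1.30 - GET http://bet.casino.example/ 403 0
2001-03-05 10:01:15 10.0.1.30 - GET http://other.casino.example/ 403 0
2001-03-05 10:02:00 10.0.1.44 CORP\\bob GET http://intranet/ 200 210
"""


def parse_w3c(text: str) -> List[Dict[str, Optional[str]]]:
    """Parse W3C extended log lines into dicts keyed by the #Fields names.
    '-' is the W3C placeholder for an absent value and becomes None."""
    fields: List[str] = []
    records: List[Dict[str, Optional[str]]] = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        if line.startswith("#"):
            if line.startswith("#Fields:"):
                fields = line[len("#Fields:"):].split()
            continue                      # other directives carry no records
        if not fields:
            raise ValueError(f"line {lineno}: data before any #Fields directive")
        values = line.split(" ")
        if len(values) != len(fields):
            raise ValueError(f"line {lineno}: expected {len(fields)} fields, got {len(values)}")
        records.append({f: (None if v == "-" else v) for f, v in zip(fields, values)})
    return records


def denied_by_client(records) -> Counter:
    """Policy denials (HTTP 403 from the proxy) per client address."""
    return Counter(r["c-ip"] for r in records if r["sc-status"] == "403")


def flag_repeat_denials(records, threshold: int = 3) -> List[str]:
    """Clients that hit the access policy at least `threshold` times; an
    anonymous client doing so repeatedly is worth a look."""
    return sorted(ip for ip, n in denied_by_client(records).items() if n >= threshold)


def bytes_by_user(records) -> Dict[str, int]:
    totals: Dict[str, int] = defaultdict(int)
    for r in records:
        totals[r["cs-username"] or "(anonymous)"] += int(r["sc-bytes"])
    return dict(totals)


if __name__ == "__main__":
    recs = parse_w3c(SAMPLE_LOG)
    print(len(recs), "records")
    print("denied per client:", denied_by_client(recs))
    print("flagged:", flag_repeat_denials(recs))
    print("bytes per user:", bytes_by_user(recs))
```

The anonymous client 10.0.1.30 is flagged after three denials; in a log where the username field is selected, the missing user is itself a signal that the client is SecureNAT and cannot be tied to a person without correlating the address elsewhere.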
Extensibility
Superior extensibility and customizability
Extensibility Mechanisms
Application filters: smart inspection of data streams; more intrusion detections
Web filters: based on ISAPI
Administration COM object: all administrative properties and actions available programmatically (read/write)
Cache APIs
MMC snap-ins: extend the ISA Server user interface
Storage: integrate with array propagation, backup/restore
Alerts
A Community of ISVs
Summary
Secure, Fast Internet Connectivity
ISA Server Competitive Advantages
Best Windows integration: Active Directory; networking features; Windows applications
Integrated firewall and Web cache management: unified policy and access control; unified management
Scale up and scale out for the enterprise: tiered policy management; scale up - SMP optimized; scale out - NLB and CARP
Lower TCO: integrated services; leverage existing skills; works with what you have; extensible open platform
Key Takeaways
Firewall & cache integration
Multi-layered firewall with smart filters
High performance and scalable cache
Designed for reverse caching and secure publishing
Integrated VPN, intrusion detection, reporting, bandwidth control
Tiered policy model
Extensibility