Contents Overview 1 Introducing ISA Server 2 Using Caching 8 Using Firewalls 11 Deployment Scenarios for ISA Server 18 Review 23 Module 1: Overview of Microsoft ISA Server BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY Information in this document is subject to change without notice. The names of companies, products, people, characters, and/or data mentioned herein are fictitious and are in no way intended to represent any real individual, company, product, or event, unless otherwise noted. Complying with all applicable copyright laws is the responsibility of the user. No part of this document may be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without the express written permission of Microsoft Corporation. If, however, your only means of access is electronic, permission to print one copy is hereby granted. Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.  2000 Microsoft Corporation. All rights reserved. Microsoft, BackOffice, MS-DOS, Windows, Windows NT, <plus other appropriate product names or titles. The publications specialist replaces this example list with the list of trademarks provided by the copy editor. Microsoft is listed first, followed by all other Microsoft trademarks in alphabetical order. > are either registered trademarks or trademarks of Microsoft Corporation in the U.S.A. and/or other countries. <The publications specialist inserts mention of specific, contractually obligated to, third-party trademarks, provided by the copy editor> Other product and company names mentioned herein may be the trademarks of their respective owners. Module 1: Overview of Microsoft ISA Server iii BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY Instructor Notes Instructor_notes.doc Module 1: Overview of Microsoft ISA Server 1 BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY Overview ! Introducing ISA Server ! Using Caching ! Using Firewalls ! Deployment Scenarios for ISA Server The Internet enables organizations to connect with customers, partners, and employees. While this presents new business opportunities, it can also cause concerns about security, performance, and manageability. Microsoft ® Internet Security and Acceleration (ISA) Server 2000 is designed to address the needs of today’s Internet-enabled businesses. ISA Server includes caching features that enables an organization to save network bandwidth and provide faster Web access for users. ISA Server includes a firewall service that helps protect network resources from unauthorized access from outside the organization’s network, while enabling efficient authorized access. Finally, ISA Server includes management and administration features that enable an organization to centrally control and manage Internet use and access. After completing this module, you will be able to: ! Explain the use of ISA Server. ! Describe the concept of caching. ! Describe the concept of firewalls. ! Identify the deployment scenarios for ISA Server. Topic Objective To provide an overview of the module topics and objectives. Lead-in In this module, you will learn about the use of ISA Server as a cache server and an enterprise firewall. 2 Module 1: Overview of Microsoft ISA Server BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY # ## # Introducing ISA Server ! ISA Server Editions ! Benefits of ISA Server ! Installation Modes ISA Server is an enterprise firewall and cache server built on the Microsoft Windows ® 2000 operating system that provides policy-based access control, acceleration, and management of internetworking. ISA Server is available in two editions that are designed to meet the business and networking needs of your organization. Whether deployed as dedicated components or as an integrated firewall and caching server, ISA Server provides organizations with a unified management console that is designed to simplify security and access management. Topic Objective To introduce ISA Server. Lead-in ISA Server provides benefits and deployment options to help an organization manage Internet security and access. Module 1: Overview of Microsoft ISA Server 3 BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY ISA Server Editions ! ISA Server Enterprise Edition ! ISA Server Standard Edition ISA Server is available in two editions that are designed to meet the business and networking needs of your organization. ISA Server Enterprise Edition The enterprise edition is designed to meet the performance, management, and scalability needs of high volume Internet traffic environments with centralized server management, multiple levels of access policy, and fault-tolerant capabilities. The enterprise edition provides secure, scaleable, fast Internet connectivity for mission-critical environments. ISA Server Standard Edition The standard edition provides enterprise-class firewall security and Web caching capabilities for small business, workgroups and departmental environments. The standard edition provides robust security, fast web access, intuitive management and excellent price/performance for business-critical environments. Topic Objective To identify the ISA Server editions. Lead-in ISA Server is available in two editions that are designed to meet the business and networking needs of your organization. 4 Module 1: Overview of Microsoft ISA Server BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY Benefits of ISA Server Caching Caching Caching Fast Access with a High-Performance Web Cache Fast Access with a High-Performance Web Cache Security Security Security Enterprise Security Through a Multilayered Firewall Enterprise Security Through a Multilayered Firewall Management Management Management Extensibility Extensibility Extensibility Powerful Management with Integrated Administration Powerful Management with Integrated Administration Extensible and Customizable Platform Extensible and Customizable Platform ISA Server is a key member of the .NET Enterprise Server family. The products in .NET Enterprise Servers are Microsoft’s comprehensive family of server applications for building, deploying and managing scalable, integrated, Web-based solutions and services. ISA Server offers several benefits to organizations that want fast, secure, and manageable Internet connectivity. Fast Access with a High-Performance Web Cache ISA Server provides the following Web performance benefits: ! Provides faster Web access for users by retrieving objects locally rather than over a slower connection to the potentially congested Internet. ! Reduces bandwidth costs by reducing network traffic. ! Distributes the content of Web servers and e-commerce applications efficiently and cost-effectively to reach customers worldwide. The capability for distributing Web content is only available in ISA Server Enterprise Edition. Enterprise Security Through a Multilayered Firewall ISA Server provides the following security benefits: ! Protects networks from unauthorized access. ! Protects Web, e-mail, and other application servers from external attacks by using Web publishing and server publishing to securely process incoming requests to internal servers. ! Filters incoming and outgoing network traffic to ensure security. ! Enables secure access for authorized users from the Internet to the internal network by using virtual private networks (VPNs). Topic Objective To describe the benefits offered by ISA Server. Lead-in ISA Server offers an organization several benefits for Internet connectivity. Delivery Tip The slide for this topic includes animation. Click or press the SPACEBAR to advance the animation. Delivery Tip To present more information about the .NET Enterprise Server family, play the .NET Enterprise Servers animation. The animation is included on the Trainer Materials Compact Disc. Note Module 1: Overview of Microsoft ISA Server 5 BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY Powerful Management with Integrated Administration ISA Server provides the following management benefits: ! Controls access centrally to ensure and enforce corporate policies. ! Improves productivity by limiting Internet use to approved applications and destinations. ! Allocates bandwidth to match business priorities. ! Provides monitoring tools and produces reports that show how Internet connectivity is used. Extensible and Customizable Platform ISA Server provides the following extensibility and customization benefits: ! Addresses security and performance needs that are specific to an organization by using ISA Server Software Development Kit (SDK) for in- house development of add-on components. ! Extends security and management functionality with third-party solutions. ! Automates administrative tasks with scriptable Component Object Model (COM) objects. 6 Module 1: Overview of Microsoft ISA Server BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY Installation Modes ! Cache Mode ! Firewall Mode ! Integrated Mode ! Features Available with Each Mode You can install ISA Server in three different modes: cache mode, firewall mode, and integrated mode. Cache Mode In cache mode, you can improve network performance and save bandwidth by storing frequently accessed Web objects closer to the user. You can then route requests from clients to a cache server that holds cached objects. Firewall Mode In firewall mode, you can secure network traffic by configuring rules that control communication between an internal network and the Internet. You can also publish internal servers, which enables an organization to share data on its network with partners or customers. Integrated Mode In integrated mode, you can combine the firewall and cache services on a single host computer. While organizations can deploy ISA Server as a separate firewall or caching service, you can have a single integrated enterprise firewall and cache server by choosing this mode. Topic Objective To identify the installation modes and associated features of ISA Server. Lead-in There are three modes for installing ISA Server. [...]... Server computer deployed as a firewall in a department/branch office scenario Lead-in A single ISA Server computer can provide Internet connectivity and security for the entire network in a department or branch office Internet Internet Branch Office Branch Office Internet Internet Service Service Provider Provider ISA Server ISA Server Actual Connection Actual Connection Perceived Connection Perceived... ISA Server 1 You are recommending an Internet solution to a small organization that wants internal employees to be able to securely gain access to the Internet and also allow users on the Internet to be able to send e-mail messages to an internal mail server Which configuration do you recommend? Integrated mode provides for secure and efficient Internet access and allows for server publishing to securely... set up an ISA Server computer as a dedicated firewall that acts as the secure gateway to the Internet for internal clients The ISA Server computer is placed between the internal network and the Internet In a small network with up to 250 clients, a single ISA Server computer can provide Internet connectivity and security for the entire network The ISA Server computer is transparent to the other parties... the Internet The client receives the object much quicker and the request requires no Internet traffic BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY 10 Module 1: Overview of Microsoft ISA Server Types of Caching Topic Objective To describes the types of caching available for ISA Server Internal Network Internal Network Forward Caching Cache Internet Internet Cache Lead-in Internet. .. Overview Topic Objective To provide an overview of the module topics and objectives ! Installing ISA Server Lead-in ! Installing and Configuring ISA Server Clients ! Maintaining an ISA Server Array In this module, you will learn about installation and maintenance tasks for ISA Server Whether you deploy Microsoft® Internet Security and Acceleration (ISA) Server as a dedicated firewall or Web cache server... network and selected computers on the internal network A three-homed firewall provides more security than a bastion host and it allows for secure access to some network resources from the Internet A bastion host depends on a single firewall to secure the entire network If an Internet user compromises the firewall, that Internet user can gain access to the organization’s internal network BETA MATERIALS FOR... branch office can reduce network traffic to the main office Internet Internet Branch Office Branch Office Main Office Main Office ISA Server ISA Server Cache In this scenario, you set up ISA Server as a cache server to reduce network traffic between a branch office and main office Because you use less network bandwidth accessing Web content, more bandwidth remains available for other applications By caching... ISA Server cache, ISA Server retrieves the object from the server on the Internet 3 The server on the Internet returns the object to the ISA Server computer The ISA Server computer retains a copy of the object in its cache and returns the object to Client 1 The time that it takes the client to receive the object and the resulting Internet traffic are approximately the same as if the client had gained... shared or public networks like the Internet Yes No Cache service Stores frequently retrieved objects and URLs in the cache drive of an ISA Server computer No Yes Packet filtering Controls the flow of IP packets to and from ISA Server computer Yes No Application filters Perform protocol-specific or systemspecific tasks, such as authentication, to provide an extra layer of security for the Firewall service... Internet Cache Lead-in Internet Internet ISA Server supports caching in three configurations Reverse Caching Web Server Web Server Internal Network Internal Network Distributed Caching Cache Cache Internet Internet Cache The caching service accelerates Web performance for both internal and external clients ISA Server supports both forward caching for outgoing requests and reverse caching for incoming . Server Web Server Internet Internet Internet Internet Internet Internet The caching service accelerates Web performance for both internal and external clients with a High-Performance Web Cache Security Security Security Enterprise Security Through a Multilayered Firewall Enterprise Security Through a Multilayered