Internet Security and Acceleration (ISA) Server 2000 Architecture

Updated : June 11, 2001

Internet Security and Acceleration (ISA) Server 2000 integrates robust firewall and caching capabilities—providing performance and security enhancements to networks that connect to the Internet.

On This Page

Firewall and Security
Caching and Acceleration
Administration
Software Development Kit

Firewall and Security

ISA Server 2000 serves as a firewall, providing secure Internet communication by preventing unauthorized network access. The firewall functionality is transparent to the other parties in the communication path. The intranet user is unaware that the firewall is interceding, unless the user attempts to access a service, or go to a site that has been denied by the administrator. Users interpret accessed Internet Web server requests from ISA Server as if they originated from the client applications.

The ISA Server firewall supports many Internet protocols including Hypertext Transfer Protocol (HTTP), File Transfer Protocol (FTP), Internet Relay Chat (IRC), H.323, Transparent HTTP, Microsoft Windows Media™ technologies, RealAudio, RealVideo, and mail and news protocols. It is readily extensible for the creation of additional application filters.

Caching and Acceleration

ISA Server also allows distributed caching using multiple ISA servers. Distributing the cache load allows scaling beyond what a single server can provide, balancing the load, and providing fault tolerance if a cache server is unavailable. Distributed caching can be implemented with arrays, chains, or a combination of both. ISA Server uses the Cache Array Routing Protocol (CARP), a scalable, efficient, and flexible architecture that allows multiple servers to act as a single cache without duplicating content.

Administration

Using policy-based access control with ISA Server 2000 provides you with flexible policy, based on users and groups, client protocols, schedules, sites, and content groups and protocols. Leveraging Microsoft Active Directory service (https://www.microsoft.com/windows2000/server/evaluation/features/dirlist.asp) and enterprise-level policies, administrators can create and apply policies once and distribute them globally to many servers. ISA Server includes a graphical user interface (GUI), based on the Microsoft Management Console (MMC) (https://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnanchor/html/mmc.asp), with graphical task pads and wizards for common activities. Detailed logging, alerting, monitoring, and reporting help administrators understand the status, usage, and performance of the server.

Software Development Kit

ISA Server includes a comprehensive software development kit (SDK) (https://msdn2.microsoft.com/en-us/library/ms811801.aspx) that includes detailed documentation and sample code to help developers create extensions to meet custom security or administrative requirements. The SDK provides examples and explains how to use application programming interfaces (APIs).

Below is a list of extensibility mechanisms, and API sets, that you can use to extend ISA Server or to build compatible and complementary technologies:

• Admin COM Object. Use this for programmatic access to the rules engine and all administrative options. You can read or modify policies, create rules, assign bandwidth priorities, and everything else that an ISA Server administrator can do in the UI.

• Application Filters. Create filters for the Firewall Service and SecureNAT that can intercept, block, analyze, modify, or otherwise manipulate any data stream on any port/protocol. A full step-by-step example, a Simple Mail Transfer Protocol (SMTP) filter, with complete source code is provided in the SDK documentation.

• Web Filters. Use Web filters, based on Internet Server API (ISAPI), to control or inspect any HTTP or FTP traffic coming across the gateway.

• MMC UI. Your product can seamlessly integrate with the ISA Server Administrator and appear to be an integrated part of the ISA Server UI and name space.

• Storage. Using FPCVendorParametersSets, add your persistent data to the ISA Server configuration information, so that it is propagated in an array, backed up, and shared with ISA Server.

• Caching. Use the FetchURL methods to programmatically preload the cache or modify the cache contents.

• Alerts. Add your own events and alerts to provide a consistent UI and alerting mechanism to the ISA Server administrator.

• Reporting. You get support for the World Wide Web Consortium (W3C) Extended File Format, and a well-documented log.

• Additional Information. View the SDK documentation, ISASDK.chm, included with the SDK download referenced above.