ISA Server 2004 Enterprise Edition Quick Start Guide

  • Article

Microsoft® Internet Security and Acceleration (ISA) Server 2004 Enterprise Edition is a stateful packet and application-layer inspection firewall. Like ISA Server 2004 Standard Edition, ISA Server 2004 Enterprise Edition provides stateful packet inspection and stateful application-layer filtering for all connections made to, and through, the computer running ISA Server 2004 Enterprise Edition. In addition to being a highly secure stateful firewall, ISA Server 2004 Enterprise Edition can be configured as a Web caching proxy server, remote access virtual private network (VPN) server, and a site-to-site VPN gateway.

ISA Server 2004 Enterprise Edition includes all the features and functionality found in ISA Server 2004 Standard Edition. In addition, ISA Server 2004 Enterprise Edition includes:

  • Support for Web caching arrays using the Cache Array Routing Protocol (CARP). Web caching arrays significantly improve ISA Server Web proxy and caching performance through the intelligent CARP algorithm. Web performance enhancements provided by CARP lead to increased end-user satisfaction and productivity.
  • Integrated support for the Windows Network Load Balancing (NLB) service. NLB allows you to deploy an array of ISA Server 2004 Enterprise Edition computers in a high availability network environment. NLB provides both failover and load balancing for all connections made through an ISA Server 2004 Enterprise Edition array. If one member of the array should go offline, remaining array members can take over for the downed server. The load balancing aspect of NLB increases array performance, because it minimizes the chance of any single server in the array being overburdened by connection requests.
  • Array configuration is stored in an Active Directory® Application Mode (ADAM) database. Firewall policy for the array is stored in an ADAM database that can be placed on an array member, on a Configuration Storage server on the corporate network, or on a domain controller. Multiple Configuration Storage servers can be configured to provide fault tolerance for array configuration, and Configuration Storage servers can be placed at multiple locations, such as main and branch offices, to ensure that firewall configuration is always available to array members.
  • An enhanced management console, ISA Server Management, enables management of all arrays in the organization. From a single ISA Server 2004 Enterprise Edition management console, you can manage hundreds of array member servers contained in dozens of arrays located at disparate locations situated around the globe. ISA Server Management allows you to configure firewall policy at a single location and automatically update globally distributed array member servers automatically.
  • Support for both enterprise and array policies. You can create enterprise policies that are applied to multiple arrays. Enterprise policies allow you to create standardized firewall access policy and have it applied to globally distributed arrays. Array administrators can be allowed to customize array policy by creating firewall policies that apply only to a specific array and integrate array policy with enterprise policy. Combining enterprise and array firewall policies provides both the required level of centralized firewall control for an entire organization and enables array administrators to customize firewall policy to meet specific requirements of their particular enterprise array.

ISA Server 2004 Enterprise Edition provides centralized control over network security policy and high availability required by globally distributed enterprise environments. Centralized control reduces the chances of firewall configuration errors leading to a catastrophic security event that puts an organization’s key data assets at risk. High availability ensures that employees are able to access critical corporate data assets and Internet information required to perform their work.

Installation and basic configuration of ISA Server 2004 Enterprise Edition can be potentially complex. This ISA Server 2004 Enterprise Edition Quick Start Guide is designed to help you install and configure a simple enterprise array as quickly and simply as possible. This ISA Server 2004 Quick Start Guide is not intended to replace comprehensive documentation on ISA Server 2004 Enterprise Edition, nor is it meant to provide a collection of ISA Server 2004 Enterprise Edition best practices. The goal of this Quick Start Guide is to quickly provide an operational test enterprise array deployment so that you can evaluate it on your own network.

The following issues are discussed in this ISA Server 2004 Enterprise Edition Quick Start Guide:

  • Installation options
  • Network topology
  • Installing the Configuration Storage server on a domain controller
  • Creating and configuring a new enterprise policy
  • Creating and configuring a new array and array policy
  • Installing the firewall on the first array member
  • Installing the firewall on the second array member
  • Enabling the Cache Array Routing Protocol on the array
  • Enabling Network Load Balancing with bidirectional affinity on the array
  • Testing the ISA Server 2004 Enterprise Edition firewall policies

[Topic Last Modified: 02/26/2008]