Deployment Considerations for Microsoft Internet Security and Acceleration Server 2000 in Education

  • Article
Archived content. No warranty is made as to technical accuracy. Content may contain URLs that were valid when originally published, but now link to sites or pages that no longer exist.

Updated : June 9, 2001

Microsoft TechNet Solutions for Education

On This Page

Introducing ISA Server
ISA Server is an Enterprise Firewall
ISA Server is a Caching Server
How does ISA Server Differ from Proxy Server 2.0 and other Firewalls?
Education Scenarios for ISA Server
Minimal System Requirements for ISA Server
Array Considerations
Existing Network Considerations
Seven Steps to ISA Server: A Checklist
Conclusion

Introducing ISA Server

Teachers, parents, and administrators of K-12 and higher education institutions all know that the Internet is revolutionizing education – allowing access to vast resources, facilitating distance learning at the K-12 and higher education levels, turning K-12 students into publishers with a global audience, enabling college students to collaborate with peers worldwide, permitting parents to view and participate in their children's schoolwork. Along with these unprecedented opportunities come risks – children viewing inappropriate material over the Internet; hackers disrupting school districts or college campuses, or compromising student records; students surfing game sites when they should be researching assignments. Other problems – of system performance and manageability – arise not when users are abusing Internet access but rather when they're using it properly, but too heavily for some education infrastructures to keep up.

Microsoft® Internet Security and Acceleration (ISA) Server 2000 addresses the needs of today's Internet-enabled schools, colleges, universities and other education organizations. ISA Server provides a multi-layered enterprise firewall that helps protect the education organization's network resources. The Web cache of ISA Server enables education organizations to save network bandwidth and to provide faster Web access for users by serving objects from a local source, rather than over an Internet that is periodically congested.

Whether it is deployed as dedicated components or as an integrated firewall and caching server, ISA Server provides a unified management console that simplifies security and access management. Built to work with Windows® 2000, ISA Server provides secure and fast Internet connectivity with powerful integrated management tools.

ISA Server can provide value to information technology managers, network administrators, and information security professionals in education organizations of all sizes who are concerned about the security, performance, manageability, or operating costs of their networks. ISA Server can be used in a spectrum of scenarios, ranging from small schools, districts and satellite campuses, to major, multi-campus systems and statewide networks.

This white paper explains ISA Server and how its applications can benefit education organizations. It discusses firewalls and caching servers, how ISA Server goes beyond the functions provided by Microsoft Proxy Server 2.0 and other firewalls, and several education scenarios that illustrate its use. Readers will also gain an understanding of the key planning considerations necessary before implementing ISA Server.

ISA Server is an Enterprise Firewall

A firewall enhances security using various methods, including packet filtering, circuit-level filtering, and application filtering. Advanced enterprise firewalls, such as ISA Server 2000, combine several methods to provide protection at multiple network layers.

Packet Filtering

Packet filtering allows an education IT manager to control the flow of Internet Protocol (IP) packets to and from ISA Server. When packet filtering is enabled, all packets on the external interface are dropped unless they are explicitly allowed, either statically by IP packet filters, or dynamically by access policy or publishing rules. With static IP packet filtering, the system intercepts and evaluates packets before they are passed to higher levels in the firewall engine or to an application filter. IP packet filtering also allows an IT manager to block packets originating from specific Internet hosts and to reject packets associated with many common attacks.

Dynamic packet filtering provides higher and more hassle-free security than static filtering. By opening ports automatically as required for communications and closing those ports when the communication ends, dynamic filtering minimizes the number of exposed ports in both directions.

Circuit-Level Filtering

ISA Server's circuit-level filtering provides another layer of security because it lets education IT managers inspect sessions, as opposed to the connections or packets that they can control with packet filtering. A session can include multiple connections, providing a number of important benefits for Windows-based clients running the Firewall Client software. First, like dynamic packet filtering, sessions are established only in response to a user request, improving security. Second, circuit-level filtering provides built-in support for protocols with secondary connections, such as FTP and streaming media. Also available is the ability to define the protocol's primary and secondary connection in the user interface, without any programming or third-party tools, by specifying the port number or range, protocol type, TCP or UDP, and inbound or outbound direction.

Application Filters

Beyond packet filtering and circuit-level filtering is the most sophisticated level of firewall traffic inspection: application-level security. Good application filters allow an education IT manager to analyze a data stream for a particular application and provide application-specific processing including inspecting, screening or blocking, redirecting, or modifying the data as it passes through the firewall. This mechanism is used to protect against things like unsafe SMTP commands or attacks against internal Domain Name Servers (DNS). Third-party tools for content screening, including virus detection, lexical analysis, and site categorization, apply application- and Web-filters to build into the firewall.

ISA Server is a Caching Server

In addition to providing enterprise firewall capabilities, ISA Server, through its Web Proxy service, also serves as a caching server that speeds system performance. Basically, it stores remote Web pages that have been requested by users so, the next time those same pages are requested, the requests can be filled from the local storage site – the cache – rather than having to be filled from the original, remote Web site. Because the user doesn't have to wait for his or her request to go out onto the Internet and then to be answered from the Internet, response time is much faster.

Fast RAM caching in ISA Server keeps the most frequently accessed items in RAM. It optimizes response time even further by retrieving those items from memory rather than from disk. ISA Server provides optimized disk cache store that minimizes disk access on both read and write operations. Those techniques optimize response time and overall system performance.

ISA Server supports both forward caching, for outgoing requests to the Internet, and reverse caching, for incoming requests to the Web server. Clients benefit from the full gamut of ISA Server caching and routing features.

How does ISA Server Differ from Proxy Server 2.0 and other Firewalls?

ISA Server is the successor to Proxy Server 2.0. Product managers at Microsoft categorize the relationship between the products this way: Proxy Server's features make up about 10 percent of the new product. A broad range of new or enhanced features – including RAM caching, optimized cache store, symmetric multiprocessing support, steaming media support and more – make ISA Server a far more effective caching server than Proxy Server. Beyond that, the Internet security features – including the multi-layer firewall, stateful inspection, integrated virtual private networking, intrusion detection pass-through authentication, secure publishing, e-mail content screening and more – are an entirely new set of features not found in Proxy Server. They directly address the new challenges facing IT managers in education who seek to prevent unauthorized or improper Internet use while at the same time being tasked with maximizing appropriate Internet access as never before.

How does ISA Server stack up as a firewall and cache server? It is certified as a secure enterprise firewall by ICSA Labs, one of the IT security industry's most respected independent laboratories. ISA Server passed certification in fewer than 30 days, compared to the 90 to 120 days typically required for certification. That's an "impressive accomplishment," according to ICSA, that indicates the product needed very little adjustment to meet its criteria.

And as a cache server, ISA Server has been rated number one in price/performance and received high honors in throughput (based on requests per second) and in hit ratio from the industry's leading independent caching competition, by the Measurement Factory Inc. of Boulder, Colorado. ISA Server posted the top score with 78 hits/second per $1,000 and 145 requests/second per $1,000, outperforming every other entry by 16 to 600 percent. The price was based on ISA Standard Edition, priced at $1,499 per processor for the standard, commercial edition. Academic pricing closer to $700 nearly doubles the price/performance.

ISA Server also has these key advantages over competitive products:

  • Tight integration with the Microsoft Windows operating system for easy installation and effective use

  • Integrated firewall and Web cache management for single management interface access for both network security and Web performance

  • Scalability to support growing school districts, colleges and universities, as well as satellite campuses and distance learning facilities.

  • Lower cost of ownership to meet the budget-conscious needs of education IT managers.

Windows Integration

ISA Server was designed for the Windows 2000 platform, taking advantage of operating system technologies that include management, networking, and authentication services. In addition, Windows integration makes it easier for administrators to work with other Microsoft applications, such as Microsoft Exchange and Microsoft NetMeeting® conference software, and Microsoft Windows Media™ technology player.

  • Microsoft Active Directory. With ISA Enterprise Edition, education IT managers can leverage Microsoft Active Directory™ service to provide scalable and centralized administration of Windows Users and Groups, ISA Access Policies, and ISA Server Configuration information.

  • Networking and Security Features. Education IT managers can take advantage of Windows networking features such as the built-in virtual private networking (VPN) for secure connectivity and quality of service (QoS) for bandwidth prioritization.

  • Windows Technologies and Windows-based Applications. Education IT managers can utilize core operating system services like authentication, event logs, and the Microsoft Management Console (MMC) administration tool. Support for Windows applications makes configuring and managing application access easier.

Integrated Firewall and Web Cache Management

ISA Server provides unified management that addresses the challenge of managing both network security and Web performance. From a single interface, education IT administrators can set access policies that are applied to both the firewall and the cache, providing consistent control over Internet access.

  • Unified Policy and Access Control. Whether deployed as a firewall or Web cache server, ISA Server manages Internet access consistently with access control policies. Access restrictions placed on the firewall are applied to the Web cache server as well.

  • Unified Management. Administrators use a single management interface for both firewall and Web caching. The firewall and Web cache share the same logging, reporting, and alerting services of ISA Server.

Scaling Up and Scaling Out for the Enterprise

ISA Server Enterprise Edition is built for even the largest education enterprise, such as major research universities and state-wide education organizations. The tiered policies provide a scalable management model. This model makes it simple to extend the number of managed clients and servers. Performance also scales to meet the growing needs of large organizations with technologies such as symmetric multiprocessing (SMP), network load balancing (NLB), and Caching Array Routing Protocol (CARP).

  • Tiered Policy Management. ISA Server Enterprise Edition provides tiered policies that allow servers to have local array policies while inheriting enterprise-wide policies. Administrators can also delegate various levels of ISA Server administration in distributed deployments.

  • Scale Up Performance. Microsoft designed ISA Server to scale up with multiple processors by optimizing for Windows 2000 SMP. Unlike many other products, ISA utilizes the extra processing power to boost performance. (ISA Server Standard Edition supports a maximum of four processors).

  • Scale Out Performance. ISA Server uses the Windows NLB Services and, with Enterprise Edition, education IT managers can take advantage of CARP to provide fault-tolerance, high availability, efficiency, and performance through clustering of multiple ISA Server machines.

Lower Cost of Ownership

ISA Server lowers cost of ownership for firewall and Web caching by providing integrated services, familiar management tools, and an open platform for product extensions. Education organizations benefit from integrated robust features and an extensible investment.

  • Integrated Services. Unlike other solutions that require separate purchases, ISA Server integrates services such as firewall, Web cache, basic intrusion detection, reporting, VPN, and bandwidth management into a single product.

  • Leverage Existing Windows Skills. Education administrators can leverage their current Windows knowledge and skills and focus on security issues and policy definition, rather than learning a new user interface (UI) or tool set.

  • Works with What You Have. ISA Server can operate in a mixed environment with Microsoft's secure network address translation (SecureNAT) technology. ISA Server provides transparent services to clients and servers, allowing education administrators to work with their existing computing platforms.

  • Extensible Open Platform. With an extensive software development kit (SDK) and application programming interfaces (APIs), ISA Server has industry-wide, third party, vendor support to provide value-added security, management, and caching applications. ISA Server provides an open platform that ensures customers get scalable security, performance, and management.

Education Scenarios for ISA Server

Education organizations have a broad range of needs that can be met by ISA Server 2000 – from speeding access to popular Web sites and blocking access to unauthorized ones, to permitting secure Web publishing while minimizing the ability of hackers to penetrate the district or campus infrastructure. Here are a few hypothetical examples of ISA Server in action:

  • Problem: A military academy wants to provide Internet access for students from their dorm rooms. But, rather than providing uniform access, the institution would like to narrow the access provided to freshmen while broadening it for upperclassmen.

    Solution: With ISA Server, IT administrators can define several different access policies. They create one access policy, called "freshman access," which cuts off Internet access after 9 pm. Another access policy, called "upperclassmen access," cuts off Internet access at midnight. The freshmen policy is assigned to the freshman group or organizational unit in Active Directory, and the upperclassmen policy is assigned to the upperclassmen group.

  • Problem: The college's firewall administrator has just left the institution for a lucrative opportunity in industry. No one at the college has a clue about how to configure the BSD-based Gauntlet firewall. Therefore, no changes in access policy can ever occur.

    Solution: With ISA Server, almost any administrator can configure the firewall. Third-party integration products allow IT managers to further simplify management. For example, they can offload the filtering aspects to N2H2 or SurfCONTROL, simplify management with NetIQ, and update their filter dynamically by using CornerPost Chaperon. IT managers will not have to hand-edit a cf file or recompile a kernel in order to allow another protocol through.

  • Problem: Schools are filled to the brim with the future hackers of the world. With free access to the Internet, there is almost no limit to the havoc they can create.

    Solution: With ISA and its integration of intrusion detection tools from ISS, malicious hacking activities can be monitored automatically. When a student starts a Ping of Death, ISA Server can shut down the port immediately and trigger an event. That event could alert the principal or guidance counselor, restrict that student to computers within eyesight of a system administrator, or limit their bandwidth to the equivalent of a 28.8 modem – giving the student cause to regret his or her attempt at cyber-destruction.

  • Problem: Education institutions often provide students with unlimited Internet access, but have no idea of how that access is used. As a result, teachers and administrators can't know who may be repeatedly trying to reach inappropriate sites, who may be surfing instead of researching, and who may be generating the most Internet traffic during peak times. Beyond correcting inappropriate Web use, a better understanding of who is using the Web and how would enable teachers to work with students to guide them to more effective use of the Web for research.

    Solution: ISA Server's reporting features give education administrators a clear view of the approximately 25 most popular Web sites for their users, as well as a record of the most popular Internet applications and the heaviest power users. ISA Server gives administrators the flexibility to award greater bandwidth during times of heaviest use to selected users, perhaps power users who always go to approved or productive sites (as determined by a compatible third-party content engine).

  • Problem: Although many schools and universities have unlimited bandwidth, others have to economize. It's especially frustrating to administrators to see network performance slow when many students are going to the same site. Slow performance under these circumstances can even prevent an institution from engaging in certain teaching exercises, such as having a thousand students participate in a simultaneous school-wide Internet exercise.

    Solution: ISA can generate reports to determine which sites are hit the most, and then intelligently cache those sites locally so that the server does not have to go out onto the Internet to access them. Further, because ISA Server caches using RAM in addition to hard disk space, it can give students access to popular Web sites even faster than if it relied on hard disk space alone.

  • Problem: Education administrators need secure access beyond the confines of the district or campus. In some cases, IT managers may want to be able to access the network from their homes so that they can handle system management on nights and weekends. In other cases, administrators may wish to bring remote or satellite campuses or facilities into the network, or to enable distance learning activities with students across the county or across the state.

    Solution: ISA server can be configured as a VPN server to allow communication from specific remote clients to network resources. In this scenario, ISA Server is installed in integrated mode as a stand-alone server. A network dial-up connection is configured on the ISA Server computer to dial to an Internet service provider. The ISA Server computer also has a network card connected to the internal network. The remote clients – either administrators working from home or teachers or managers at remote sites – dial into the ISP as well, and a VPN tunnel is established between them.

  • Problem: A rural school district has facilities spread across many miles, or a college or university campus has several remote campuses. Managing performance at these far-flung facilities can be a problem, with remote users often getting the short end of the stick when traffic is high and available bandwidth is low. Education IT administrators would like to manage the network so that remote users have equal Internet access with users on the central campus or facility.

    Solution: ISA Server can be deployed in a large, demographically dispersed network with arrays of computers in the main facility and at branch or satellite facilities, as necessary to accommodate user needs. This allows education IT administrators to centralize the security and caching policy for the entire organization. It also alleviates performance concerns in the remote facilities, as an ISA Server can service user requests for Internet objects from the local cache.

  • Problem: School districts and colleges and universities have a major interest in Web publishing, whether they're posting public relations and recruitment information, student projects, research data, or school lunch and scheduling information. However, a public Web server can be an inviting target for hackers. The education organization wants outside users to have full access to its data – but only to that data it chooses to make publicly available.

    Solution: ISA Server offers Web publishing functions that enable education organizations to securely publish Web content from within their protected intranets. The ISA Server impersonates a Web server to the outside world, while the Web server maintains access to internal network services. The Web server can be located either on the same computer as the ISA Server or on a different computer, although a separate server heightens the security of the system.

Minimal System Requirements for ISA Server

For optimal performance, an education IT manager should plan the hardware and Internet connectivity of ISA Server to meet the expected load. To use ISA Server, an organization needs:

  • A personal computer with a 300MHz or higher Pentium II-compatible CPU

  • For the operating system, the computer must run Microsoft Windows 2000 Server with Service Pack 1 or later, Microsoft Windows 2000 Advanced Server with Service Pack 1 or later, or Microsoft Windows 2000 Datacenter Server. The latest Service Pack is always recommended.

  • 256MB of memory

  • 20MB of available hard disk space

  • A network adapter that is compatible with Windows 2000, for communication with the internal network

  • One local hard disk partition that is formatted with the NTFS file system

To implement the array and advanced policies configuration, the education IT manager must also run Active Directory. If the education organization is using ISA Server in firewall or integrated mode, two network adapters are required.

Array Considerations

After an education IT manager decides how many servers to install, the next step is to determine how to arrange them in the network. If the district or campus is installing more than one server, setting up an array of ISA Server computers should be considered. Arrays allow a group of ISA Server computers to be treated and managed as a single, logical entity. In addition, they provide scalability, fault tolerance, and load balancing.

All array members must be in the same Windows 2000 domain and in the same site. For more information, see Windows 2000 Help.

If an education IT manager chooses not to install ISA Server as an array member, it can be installed as a stand-alone server. Stand-alone server installations do not require that the computer belong to a Windows 2000 domain.

Centralized Management

All the servers in an array share a common configuration. This saves on management overhead, since the array is configured once and then the configuration is applied to all the member servers. Furthermore, an education IT manager can apply an enterprise policy to an array, allowing the organization to centralize management for all the arrays in its enterprise.

An education IT manager may choose to set up arrays at each remote facility or campus of the organization. Because each such remote facility then has its own array, it can define usage policies that will be common to all the servers in the array. As an alternative, at the enterprise level, an IT manager can configure all the arrays in the enterprise to use one enterprise policy. At the enterprise level, an IT manager can also decide which arrays are allowed to publish servers. Furthermore, at the enterprise level, an IT manager can enforce packet filtering for the arrays in the enterprise.

Scalability and Fault Tolerance

Even if the organization is installing just one ISA Server computer, it should consider installing it as an array member. An array installation means that future expansion is easier — it is simple to add an additional server to the array.

ISA Server arrays help ensure fault tolerance. If one server becomes unavailable, the other servers in the array can perform caching and security functions on its behalf. In this way, the education organization can ensure continuous uptime for its students, faculty and staff.

Load Balancing

Arrays allow client requests to be distributed among several ISA Server computers, which increases response time for clients. Because the load is distributed across all the servers in the array, the education organization can achieve good performance even with moderate hardware.

Comparing Arrays and Stand-alone Servers

The table below compares features and requirements for stand-alone servers and array members.

Array

Stand-alone server

Scalability and fault tolerance

Can have one or more member servers.

Limited to only one member.

Active Directory requirement

Yes. Must be installed only in Windows 2000 domains with Active Directory installed. However, the local network can include Windows NT® 4.0 domains.

No. Can be installed in Windows NT 4.0 domains. Configuration information is stored in the registry.

Enterprise policy

Yes. A single policy can be applied to all arrays in the enterprise.

No. Only a local array policy can be applied.

Forward Caching Requirements

ISA Server can be deployed as a forward-caching server, which maintains a centralized cache of frequently requested Internet objects that can then be accessed by any Web browser client. In this case, the education IT manager should consider how many Web browser clients will access the Internet. The table below lists hardware configurations according to the expected number of internal clients accessing Internet objects.

# Users

ISA Server Computer Minimum Configuration

RAM (MB)

Disk Space Allocated for Caching

Up to 500

Single ISA Server computer with Pentium II, 300MHz

256

2-4 Gigabytes

500–1,000

Single ISA Server computer with two Pentium III, 550MHz processors

256

10 Gigabytes

More than 1,000

Two ISA Server computers, each with Pentium III, 550MHz, processors

256 for each server

10 Gigabytes for each server

As an education organization's user base exceeds 1,000 users, it can either use hardware with stronger processors and more memory, or it can add more ISA Server installations. When the organization sets up more than one ISA Server computer, it should consider grouping the computers in arrays.

Publishing Requirements (Reverse Caching)

The ISA Server cache can be deployed to fulfill Web requests from outside of the education organization. This is called reverse caching. For example, the organization might place an ISA Server computer between the Internet and the organization's Web server that is hosting student recruitment information or providing access to distance learners. In that case, the organization needs to consider how often external clients will request objects from the publishing servers.

The table below lists hardware configurations for an expected number of requests from Internet (external) users, in a reverse caching scenario.

Hits per second

ISA Server computer

Less than 100

Single ISA Server computer with Pentium II, 300MHz

Up to 250

Single ISA Server computer with Pentium III, 450MHz

More than 250

ISA Server computer with Pentium III, 550MHz.
For every additional 250 hits per second, add an additional ISA Server computer or use Performance Monitor to determine bottlenecks. Then, add more servers or more powerful hardware, as necessary.

Memory requirements depend on the size of the cacheable content that the organization is publishing, the working set of the content. Ideally, all cacheable content should fit into the available memory. For example, if the Web site has 250MB of content, then 256MB RAM is sufficient.

Existing Network Considerations

When a school, college or university installs ISA Server, it is doing so to secure and connect an existing network of services. In most cases, the organization will not need to change its existing network configuration when it installs ISA Server.

The following sections describe network issues to consider when deploying ISA Server.

Existing Windows 2000 or Windows NT 4.0 Domain

ISA Server can be installed as a stand-alone server or as an array member in a Windows 2000 domain.

When the organization installs ISA Server as an array member in a Windows 2000 domain, the ISA Server schema is installed to Active Directory. Active Directory must be installed on the ISA Server domain to use ISA Server arrays. When the organization installs ISA Server as a stand-alone server, it saves its configuration information to the local registry.

Arrays of ISA Server computers can also be used to connect and secure Windows NT 4.0 domain users and clients to the Internet. However, the array must be set up on a separate Windows 2000 domain. Then, a trust relationship must be established between the Windows NT 4.0 domain and the domain to which the ISA Server computer belongs.

ISA Server can be installed as a stand-alone server in a Windows NT 4.0 domain. No special configuration is required.

Interaction with Other Network Services

A school district, college or university may have experience with the Routing and Remote Access service in Windows 2000 to make network services and computers available to remote clients. ISA Server provides the remote connectivity, and extends the Routing and Remote Access features by offering more extensive and flexible security features. ISA Server packet filtering replaces the packet filtering in Routing and Remote Access. ISA Server uses the dial-up connections that the organization has already configured for Routing and Remote Access.

Similarly, the organization may have previously used the Internet Connection Sharing (ICS) or Network Address Translation (NAT) features of Windows 2000 to access the Internet. ISA Server can be used instead of NAT or ICS, replacing and enhancing its function in the organization. ISA Server provides the connectivity enabled by NAT or ICS, and adds sophisticated security and caching features.

Seven Steps to ISA Server: A Checklist

Every ISA Server deployment will be a bit different, based on the specific goals, existing infrastructure and other aspects of the installation. Here are seven key steps for administrators to consider as they plan and implement their deployments of ISA Server:

  1. Set up hardware to meet pre-installation requirements. Before installing ISA Server, configure your hardware and software to support it. If the network connects directly to the Internet, set up a network adapter that connects the ISA Server computer to the Internet. If the network uses a dial-up connection to the Internet, configure a modem or ISDN adapter for the ISA Server computer.

  2. Migrate from Proxy Server 2.0 to ISA Server. If the network is already running Proxy Server 2.0, prepare those computer or computers by removing them from the Proxy Server 2.0-based array, uninstalling Proxy Server and IIS 5.0, and formatting the logical drive containing the URL cache.

  3. Initialize the Enterprise. Before an ISA Server computer can be set up as an array member, the ISA Server schema must be installed to Active Directory on the domain controller. ISA Server includes an Enterprise Initialization Tool to accomplish this. If ISA Server was previously installed in the network or if it is to be used as a standalone server, this step can be skipped.

  4. Install ISA Server. ISA Server is installed from its CD-ROM, which walks the administrator through the process, requesting installation options (typical, full, custom), which array to join, which mode to use (firewall, cache or integrated), cache configuration (if caching/integrated is chosen), and local address table configuration (which enables ISA Server to distinguish between internal and external networks).

  5. Configure the Environment. Use ISA Server's Getting Started Wizard to configure the environment so that client computers can begin using ISA Server. Use it to implement array-level policy elements, protocol rules, and site and content rules, and to set system security level and to configure packet filtering.

  6. Implement subsequent deployments. Once the first ISA Server is deployed and enterprise policy has been established, subsequent deployments of ISA Server can be made, if desired. Additional deployments can support multiple Internet access points from the central campus or school district, if any, as well as supporting satellite schools or facilities.

  7. Configure the Internet Explorer and Firewall Client. In both the initial and subsequent deployments of ISA Server, make the necessary configurations available to Internet Explorer and the Firewall client (included with ISA Server) so that ISA Server computers can access the Internet. This step requires configuring two .DAT files, Wpad.dat and Wspad.dat.

Conclusion

At a time when school districts, colleges, universities and other education organizations want and need to provide more Internet access than ever before, they must also deal with the challenges that come with such access – traffic and performance issues, restricting access to authorized sites and to authorized users, preventing hacking from both inside and outside of the organization, ensuring that students maximize their use of the Internet as a learning tool, and so on.

Microsoft Internet Security and Acceleration Server 2000 meets these needs with a comprehensive, integrated enterprise firewall and caching server that provides powerful, cost-effective performance. It meets the broad range of education needs for secure Web publishing, access for remote schools and campuses, monitoring and analysis of Internet use, firewall protection from hackers, and more. It integrates easily with the Windows environments that most education organizations already have; provides integrated firewall and cache for easy management, scales to support continued growth, and offers the low total cost of ownership especially important to education organizations.