Published by Homer Warner. Modified over 9 years ago.
1
Module 11: Implementing ISA Server 2004 Enterprise Edition
2
Overview
- Overview of ISA Server 2004 Enterprise Edition
- Planning an ISA Server 2004 Enterprise Edition Deployment
- Implementing ISA Server 2004 Enterprise Edition
3
Lesson: Overview of ISA Server 2004 Enterprise Edition
- Animation: Comparing ISA Server 2004 Enterprise Edition and Standard Edition
- Why Deploy ISA Server Enterprise Edition?
- What Is Active Directory Application Mode?
- What Is a Configuration Storage Server?
- What Are Enterprise Policies?
- What Are Enterprise Networks?
- What Are Arrays and Array Policies?
- What Are Effective Policies?
- How Enterprise Edition Integrates with Network Load Balancing
- How Enterprise Edition Enables Virtual Private Networking
- How Enterprise Edition Enables Distributed Caching Using CARP
4
Animation – Comparing ISA Server 2004 Enterprise Edition and Standard Edition
5
Why Deploy ISA Server Enterprise Edition?
ISA Server 2004 Enterprise Edition enables:
- Easier management of multiple-server deployments
- More scalable Web proxy caching
- More scalable and fault-tolerant deployments
ISA Server 2004 Enterprise Edition deployment scenarios:
- Deploying multiple ISA Server computers with the same configuration
- Deploying ISA Server computers in a distributed administration scenario
- Deploying ISA Server computers without Active Directory
6
What Is Active Directory Application Mode?
Active Directory Application Mode (ADAM):
- Is a special mode of the Active Directory directory service
- Is an LDAP-compatible directory that does not require DNS or domains
- Enables multiple-master replication between ADAM servers
ADAM is installed when you install Configuration Storage server.
You use ISA Server Management to manage the directory information stored in ADAM.
7
What Is a Configuration Storage Server?
Diagram labels:
- Configuration Storage Server
- ISA Server Management
- MS Firewall Control: port 3847
- MS Firewall Storage Replication: port 2173
- MS Firewall Storage: port 2172/2121
8
What Are Enterprise Policies?
Definition: An ordered set of access rules and policy elements defined at the enterprise level
Options:
- Unless you configure enterprise policies, only array policies apply
- You can configure enterprise policies to be applied before or after the array policy
- Configure policy elements that can be used when configuring enterprise or array rules
9
What Are Enterprise Networks?
Definition: A range of enterprise-level IP addresses that do not cross a security boundary
To use enterprise networks, you can:
- Use the predefined enterprise networks, which are associated with array networks of the same name
- Define enterprise rules using enterprise networks
- Use enterprise networks to enable communication between arrays
- Manage the IP address space in the organization
10
What Are Arrays and Array Policies?
Array definition:
- A group of ISA Server 2004 computers that share the same configuration
- Includes a Configuration Storage server and ISA Server Management computers
- Requires that ISA Server computers have a similar server configuration
Array policy definition:
- A set of access rules and publishing rules applied to all array members
- An array policy definition includes:
  - Policy elements that can define array rules
  - Array networks that define network configuration options
11
What Are Effective Policies?
Definition: The resultant policy applied to an array member after the system policy, enterprise policy and the array policy rules are evaluated based on rule order
Example:
Enterprise policy rules applied before array firewall policy
- Allow HTTP and HTTPS access to the Internet for all users.
Branch office array firewall policy rules
- Allow all protocol access from the Internal network to the Internet for all authenticated users
- Allow DNS protocol traffic from branch-office DNS servers
Enterprise policy rules applied after array firewall policy
- Enable DNS protocol traffic from main-office DNS servers
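The slide's example can be worked through as an ordered rule list. The following Python model is an added illustration, not ISA Server code or part of the original deck: it assumes first-match evaluation with a default deny at the end, omits system policy rules, and uses constructed source labels ("Internal", "branch-dns", "main-dns").

```python
from dataclasses import dataclass

ANY = "*"  # wildcard used by this sketch for "all protocols" / "any source"

@dataclass(frozen=True)
class Rule:
    name: str
    protocols: frozenset
    sources: frozenset
    auth_required: bool = False

    def matches(self, protocol, source, authenticated):
        return ((ANY in self.protocols or protocol in self.protocols)
                and (ANY in self.sources or source in self.sources)
                and (authenticated or not self.auth_required))

# Rules taken from the slide's example; the source labels are constructed.
ENTERPRISE_BEFORE = [
    Rule("Allow HTTP and HTTPS for all users",
         frozenset({"HTTP", "HTTPS"}), frozenset({ANY})),
]
ARRAY = [
    Rule("Allow all protocols from Internal for authenticated users",
         frozenset({ANY}), frozenset({"Internal"}), auth_required=True),
    Rule("Allow DNS from branch-office DNS servers",
         frozenset({"DNS"}), frozenset({"branch-dns"})),
]
ENTERPRISE_AFTER = [
    Rule("Allow DNS from main-office DNS servers",
         frozenset({"DNS"}), frozenset({"main-dns"})),
]

def effective_policy(before, array, after):
    """Flatten the three layers into one ordered list of (layer, rule)."""
    layers = (("enterprise-before", before), ("array", array),
              ("enterprise-after", after))
    return [(layer, rule) for layer, rules in layers for rule in rules]

def evaluate(policy, protocol, source, authenticated=False):
    """Return (decision, layer, rule name) for the first matching rule."""
    for layer, rule in policy:
        if rule.matches(protocol, source, authenticated):
            return ("allow", layer, rule.name)
    return ("deny", "default", "no rule matched")  # assumed default deny

POLICY = effective_policy(ENTERPRISE_BEFORE, ARRAY, ENTERPRISE_AFTER)
```

In this model an unauthenticated HTTP request is allowed by the enterprise rule placed before the array policy, so the array's authentication requirement never gets to decide it; that ordering effect is what to review when delegating array administration.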
12
How Enterprise Edition Integrates with Network Load Balancing
Enterprise Edition integrates with network load balancing (NLB) by:
- NLB configuration is performed using ISA Server Management
- ISA Server provides NLB health monitoring
- Each network in an array can be configured for NLB
- ISA Server enables single affinity so clients always connect to the same ISA Server computer
- ISA Server supports bi-directional affinity for front-end/back-end firewall scenarios
13
How Enterprise Edition Enables Virtual Private Networking
Network load balancing can be integrated with virtual private networking to enable:
- Network load balancing for remote access VPNs
  - The VPN clients must connect to the shared IP address
- Network load balancing for site-to-site VPNs
  - The remote-site VPN server must connect to the shared IP address
  - Client requests are automatically directed to the VPN tunnel owner
  - Tunnel failover is automatically enabled
Deploying a Site-to-Site VPN without NLB will disable automatic failover
14
How Enterprise Edition Enables Distributed Caching Using CARP
CARP enables distributed caching:
- Without duplication of cache content
- Without network traffic between ISA Server computers
- That can adjust to the addition or removal of array members
- That evenly distributes the cache or distributes the cache based on load factors
CARP works by:
- Using a script on the Web client that selects the ISA Server computer that will cache the Web content
- Using a script on the ISA Server computer to redirect client requests to the ISA Server computer that will cache the Web content
CARP does not use the shared IP address assigned to a NLB cluster
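The properties listed on this slide (one owner per URL, no traffic between members, small remapping when the array changes, load factors) follow from highest-score hashing. The Python sketch below is an added illustration, not the deck's or ISA Server's code: it substitutes SHA-256 for CARP's own hash function, and the member names are hypothetical.

```python
import hashlib
import math

def _unit_hash(member, url):
    """Map a (member, URL) pair to a float strictly between 0 and 1.
    SHA-256 is a stand-in here; CARP defines its own hash function."""
    digest = hashlib.sha256(f"{member}|{url}".encode()).digest()
    top52 = int.from_bytes(digest[:8], "big") >> 12
    return (top52 + 0.5) / 2**52

def owner(url, members):
    """Pick the array member that caches `url`.
    `members` maps member name -> load factor (> 0). Every client computes
    the same answer locally, so members never need to talk to each other."""
    if not members:
        raise ValueError("array has no members")

    def score(name):
        # Weighted highest-score rule: a larger load factor wins more URLs.
        return -members[name] / math.log(_unit_hash(name, url))

    return max(sorted(members), key=score)

def assignment(urls, members):
    """Exactly one owner per URL, so cache content is not duplicated."""
    return {url: owner(url, members) for url in urls}

def moved(urls, before, after):
    """URLs whose owner changes when array membership changes."""
    old, new = assignment(urls, before), assignment(urls, after)
    return {url for url in urls if old[url] != new[url]}
```

Removing a member remaps only the URLs that member owned, and adding one moves URLs only onto the new member, which is why the cache on the remaining members stays valid.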
15
Lesson: Planning an ISA Server 2004 Enterprise Edition Deployment
- ISA Server Enterprise Edition Deployment Scenarios
- Planning the Configuration Storage Server Deployment
- Planning Enterprise and Array Policy Configuration
- Planning for Centralized Monitoring and Management
- Migrating from ISA Server 2000 Enterprise Edition Overview
16
ISA Server Enterprise Edition Deployment Scenarios
Deploy multiple ISA Server computers in identical roles to:
- Use centralized management using arrays
- Implement Network Load Balancing
- Implement CARP
- Use centralized monitoring
Deploy ISA Server computers in a workgroup to:
- Isolate the ISA Server computers from the domain
- Implement flexible ISA Server computer configurations
Deploy ISA Server computers in a branch office to:
- Use multiple ISA Server computers for each role
- Deploy a Configuration Storage server in each office
17
Planning the Configuration Storage Server Deployment
Guidelines for deploying Configuration Storage servers:
1. Deploy multiple Configuration Storage servers
2. Install the Configuration Storage server on a dedicated computer
3. Install the Configuration Storage server in a domain
4. Consider network speed when deploying Configuration Storage servers
5. Test and verify communication between Configuration Storage servers
18
Planning Enterprise and Array Policy Configuration
Guidelines for planning enterprise and array policies:
1. Create an enterprise policy for each unique type of array that you deploy
2. Configure only the enterprise policies you need
3. Use the default enterprise policy if you only want to configure array level rules
4. Plan the policy rules and policy rule order for each enterprise policy
5. When you create an array, choose what types of rules can be created at the array level
6. Configure the array policy to meet the access-rule and publishing-rule requirements for the array
19
Planning for Centralized Monitoring and Management
Guidelines for centralizing monitoring and management:
1. Choose a remote administration option: either Remote Desktop or ISA Server Management
2. Assign administrators to enterprise administrative roles
3. Assign administrators to array administrative roles
4. Implement MOM for centralized monitoring
20
Migrating from ISA Server 2000 Enterprise Edition Overview
Steps to migrate the ISA Server 2000 configuration to ISA Server 2004:
- Use the ISA Server Migration Wizard to export the ISA Server 2000 configuration to an .xml file
- Install Configuration Storage server
- Import the .xml configuration file into the Configuration Storage server
You can also upgrade individual ISA Server 2000 computers to ISA Server 2004 after you deploy the Configuration Storage server
21
Lesson: Implementing ISA Server 2004 Enterprise Edition
- Requirements for Installing Enterprise Edition
- ISA Server Enterprise Edition Implementation Overview
- How to Install Configuration Storage Server
- How to Configure Enterprise Policies and Networks
- How to Configure Arrays and Array Policies
- How to Install ISA Server 2004 Enterprise Edition
- How to Configure an ISA Server Management Computer
22
Requirements for Installing Enterprise Edition
Hardware requirements:
- A network adapter for each connected network
- A network adapter for intra-array communication is recommended if you implement NLB
- 150 MB of disk space plus space for caching and logging
Table columns: Server component or service; Capable of running on: Windows Server 2003, Windows 2000 Server, Windows XP
Table rows:
- Configuration Storage Server
- ISA Server services
- Message Screener
- Firewall Client Share
- ISA Server Management
23
ISA Server Enterprise Edition Implementation Overview
To implement ISA Server Enterprise Edition:
1. Install a Configuration Storage server
2. Define the enterprise policies, policy rules, and enterprise networks, as well as the required arrays and array policies
3. Install additional Configuration Storage servers
4. Install ISA Server services on one or more computers
5. Install ISA Server Management on a management workstation
24
How to Install Configuration Storage Server
25
Practice: Installing Configuration Storage Server
- Configure the required user and group accounts
- Install the Configuration Storage Server
Diagram labels: Host1, Host2, Den-DC-01, Demo-CSS-01
26
How to Configure Enterprise Policies and Networks
To prepare the ISA Server Enterprise:
1. Delegate enterprise administrator permissions
2. Configure enterprise networks
3. Create enterprise policy elements
4. Configure the enterprise policy
5. Add policy rules to the enterprise policy
27
How to Configure Arrays and Array Policies
28
Practice: Configuring Enterprise and Array Policies
- Create an enterprise network and enterprise policy
- Create arrays
Diagram labels: Host1, Host2, Den-DC-01, Demo-CSS-01
29
How to Install ISA Server 2004 Enterprise Edition
30
How to Configure an ISA Server Management Computer
31
Course Evaluation