ISA2000 instalation
A Windows 2000 Server with a full implementation of Active Directory is the minimum on which it is possible to install Microsoft ISA Server. Before installing ISA Server, one must configure Active Directory (adding required classes and selecting object properties).
Fig. 1: ISA Server setup screen with selected AD schema modification option
Before the system attempts to update the schema you will be warned that this action is not reversible.
Fig. 2: Active Directory’s modification-related warning
When modifying the schema, it is necessary to determine what the intended extent of modifications to the existing policies integrated in AD would be. In case of problems with the modification of Active Directory, one should consult the Ldif.log file.
Fig. 3: Modifying Active Directory
Once the Active Directory has been updated, you can attempt to install ISA Server. In the first step, you will be requested to supply the information about the installation mode (Typical, Full, Custom).
Fig. 4: ISA Server installation options
After this step, the set-up wizard checks whether Active Directory has already been installed or not and if any settings have been modified. Next, you will be prompted to determine if the server should be a part of a domain or be used as a standalone unit. In the next step, select the mode of operation from the following three options:
· Firewall – with this option, ISA Server will function as a very powerful firewall,
· Web Cache – will establish the ISA Server as a cache server and give access to ‘Net resources’
· Integrated Mode – when in integrated mode, all ISA Server implemented and initialized features will be available.
Fig. 5: Selecting the functional mode
Once the required mode has been selected, the next dialog box stops the Internet Information Services (if any are already installed) and prompts you to either deinstall IIS or re-configure it not to listen in on ports 80 and 8080 that are required for ISA Server. Despite possible joint operation, Microsoft recommends relocating the IIS Server to another machine.
In the next step, you will be prompted to specify the cache size for the Web Cache service.
Fig. 6: Configuring the cache size for WWW caching
If it is a multiple-disk server, one may benefit by distributing caches onto a few disks. This would accelerate the process of accessing cacheable information.
Having configured appropriate cache sizes for WWW Web services one may attempt to configure LAT (Local Address Table).
Fig. 7: LAT setup utility
LAT (Local Address Table) – these are tables that define all internal IP address ranges. If one selects this Table (Fig. 7), either the private IP address ranges as defined in RFC 1918 (10.X.X.X, 172.16.X.X, 192.168.X.X) or the external Windows 2000 routing tables will be used.
Fig. 8: A default LAT
Once this step is successful, you will get a screen with the end of LAT configuration. Remember to ensure that all network cards are connected to the Internet while installing ISA Server. Should any network card be inactive, LAT tables will probably not be created.
Fig. 9: Completing the LAT setup procedures
After completing the setup procedures, you can attempt to replicate the content of all files to the ISA Server directory. After installation, the ISA Server Administration utility will start.
Fig. 10: Microsoft ISA Server Administrator utility and Getting Started Wizard
To manage this utility, use the Microsoft Management Console (MMC) feature. The left dialog box contains all options that are necessary for setup whilst the right box provides the settings available for such options.
Getting Started Wizard
Because ISA Server is completely different from Proxy Server 2.0, Microsoft recommends that even experienced administrators become acquainted with the Wizard that will help in the initial steps of product configuration and customization.
The Getting Started Wizard works with a set of options that will aid
users through the process of customizing the product and will also clarify the effects of specific modifications when introduced to the ISA Server.
The Wizard is split into two sections (see Fig. 10):
- Configuring policies,
- Configuring arrays.
After you have finished the initial configuration of ISA Server with help from the Getting Started Wizard, you can fully adapt the product to the working environment by finally re-adjusting certain settings.
Creating protocol rules
Administering an ISA Server means creation of suitable arrays, rules and policies. Arrays and policies have already been explained so let us examine the term “rules”.
ISA Server uses two types of rules:
- Site and content rule – determines if and when content from specific Internet destinations can be accessed by users,
- Protocol rule – determines which packets may or may not access the ISA server.
Apart from the above rules, the following rules can also be defined for ISA server:
- Bandwidth (Capacity) rule – this will prioritise different types of services using ISA server. This allows administrators to verify which specific www traffic or business-related traffic will be allocated to the available bandwidth.
- Web publishing rules– to “publish” incoming HTTP, HTTPS, FTP requests and map them as services on the ISA Server.
- Server publishing – with this feature, clients from the public Internet are directed to the ISA Server instead of to the web server. Moreover, the ISA Server may act as the proxy for inbound and outbound traffic between the public Internet clients and the internal web server.
Web Cache functions
ISA Server features high-performance Web Cache functions. With Cache Configuration tab the user is guided through Web service configuring. In addition to a variety of settings, the possibility exists to set up the size of the cache memory per hard disk and configure the schedule of caching tasks (TTL utility).
Fig. 11: Configuring caching services
- Forward Web Caching Server – this is the most popular use of the Web caching server. Its function is as follows:
0 comments: to “ ISA2000 instalation ”
Post a Comment