Tài liệu Module 5: Configuring Access to Internal Resources potx

What Are Web Publishing Rules?Web publishing rules provide the following features: Secure Web publishing rules enable the use of SSL to encrypt network traffic between client and server

Module 5:

Configuring Access

to Internal Resources

Introduction to Publishing

Configuring Web Publishing

Configuring Secure Web Publishing Configuring Server Publishing

Configuring ISA Server Authentication

Lesson: Introduction to Publishing

Multimedia: Using ISA Server 2004 to Enable Access

to Internal Network Resources

What Are Web Publishing Rules?

What Are Server Publishing Rules?

DNS Configuration for Web and Server Publishing

Multimedia: Using ISA Server 2004 to Enable Access to Internal Network Resources

What Are Web Publishing Rules?

Web publishing rules provide the following features:

Secure Web publishing rules enable the use of SSL to encrypt network traffic between client and server

Web publishing rules provide the following features:

Secure Web publishing rules enable the use of SSL to encrypt network traffic between client and server

Logging client IP address

Content caching Publish multiple Web sites with one IP address Link translation

Logging client IP address

ISA Server

What Are Server Publishing Rules?

Server publishing rules provide the following features:

Server publishing rules forward requests to internal servers based on protocol and port number

Server publishing rules provide the following features:

Server publishing rules forward requests to internal servers based on protocol and port number

Publish content using

multiple protocols

Application layer filtering

for protocols with

application filters

Publish content using

multiple protocols

Application layer filtering

for protocols with

DNS Configuration for Web and Server Publishing

ISA Server ISA

Server

3 4

www.cohovineyard.com

2

Lesson: Configuring Web Publishing

Web Publishing Rules Configuration Components How to Configure Path Mapping

How to Configure Web Listeners

How to Configure Link Translation

How to Configure a New Web Publishing Rule

Web Publishing Rules Configuration Components

Web publishing rules configuration:

Sales Human Resources

Online Store

How to Configure Path Mapping

http://www.cohovineyard.com/hr Virtual Directories

http://www.cohovineyard.com/shop

ISA Server ISA

Server

How to Configure Web Listeners

http://www.cohovineyard.com

Private Web Site

CohoVineyard Web Site

http://private.cohovineyard.com Anonymous Web listener

Authenticated Web listener

ISA Server ISA

Server

How to Configure Link Translation

http://www.cohovineyard.com

Translate Links

ISA Server ISA

Server

Links

How to Configure a New Web Publishing Rule

Web Publishing Rule Wizard configuration:

Practice: Configuring Web Publishing

Configuring a New Web Listener Configuring a New Web Publishing Rule Testing the Web Publishing Rule

Lesson: Configuring Secure Web Publishing

What Is Secure Sockets Layer?

How to Prepare ISA Server for SSL

How SSL Bridging Works

How SSL Tunneling Works

How to Configure a New Secure Web Publishing Rule

What Is Secure Sockets Layer?

Web Server Web

Server

Server Authentication Client Authentication

Encrypted SSL Connection

Encrypted SSL Connection

Den-Web-01.cohovineyard.comHow to Prepare ISA Server for SSL

ISA Server ISA

Server www.cohovineyard.com

How SSL Bridging Works

ISA Server ISA

Server

How SSL Tunneling Works

ISA Server ISA

Server

How to Configure a New Secure Web Publishing Rule

SSL Web Publishing Rule Wizard configuration:

Practice: Configuring Secure Web Publishing

Enabling Access to the Certificate Authority Web Site

Installing a Server Certificate Configuring a New Secure Web Publishing Rule

Testing the Secure Web Publishing Rule

Lesson: Configuring Server Publishing

Server Publishing Configuration Options

How Server Publishing Works

How to Configure a Server Publishing Rule

How to Publish Media Services

How to Publish Microsoft SharePoint Portal Server How to Troubleshoot Web and Server Publishing

Server Publishing Configuration Options

Server publishing rules configuration:

CohoVineyard FTP Site

CohoVineyard Media Site

How Server Publishing Works

ftp://ftp.cohovineyard.com Media Publishing Rule: Port 1755

FTP Publishing Rule: Port 21

ISA Server ISA

Server

How to Configure a Server Publishing Rule

Server Publishing Rule Wizard configuration:

Practice: Configuring Server Publishing

Configuring a New Server Publishing Rule Testing the Server Publishing Rule

How to Publish Media Services

ISA Server includes protocol definitions and application filters for:

ISA Server includes protocol definitions and application filters for:

Microsoft Media Streaming protocol (MMS)

 Uses either TCP port 80 or TCP and UDP port 1755

 Enables access for Windows Media Player client

Progressive Networks protocol (PNM)

 Also called RealNetworks Streaming Media protocol

 Uses TCP port 7070

 Enables access for RealPlayer 5.0 and earlier clients

Real Time Streaming Protocol (RTSP)

 Uses port 554 for fast access and port 80 for slower access

 Enables access to media created and read with RealSystem G2 tools

Microsoft Media Streaming protocol (MMS)

 Uses either TCP port 80 or TCP and UDP port 1755

 Enables access for Windows Media Player client

Progressive Networks protocol (PNM)

 Also called RealNetworks Streaming Media protocol

 Uses TCP port 7070

 Enables access for RealPlayer 5.0 and earlier clients

Real Time Streaming Protocol (RTSP)

 Uses port 554 for fast access and port 80 for slower access

 Enables access to media created and read with RealSystem G2 tools

How to Publish Microsoft SharePoint Portal Server

ISA Server can securely publish this information to

the Internet using:

ISA Server can securely publish this information to

the Internet using:

Web publishing to publish the HTTP and HTTPS content

using path mapping and link translation to hide the

complexity of the internal network configuration

Flexible authentication to grant only the required level of

Web publishing to publish the HTTP and HTTPS content

using path mapping and link translation to hide the

complexity of the internal network configuration

Flexible authentication to grant only the required level of

A portal can present different types of information

stored on different servers on the internal network

How to Troubleshoot Web and Server Publishing

To troubleshoot Web and server publishing issues:

Check the resource availability

Check the DNS records

Check the error message

Check which ports the ISA Server is listening on

for connections

Check the publishing rule configuration

Check the SSL configuration and certificates

Check the resource availability

Check the DNS records

Check the error message

Check which ports the ISA Server is listening on

for connections

Check the publishing rule configuration

Check the SSL configuration and certificates

Lesson: Configuring ISA Server Authentication

How Authentication and Web Publishing Rules Work

ISA Server Web Publishing Authentication Scenarios

Using RADIUS for Authentication

How to Implement RADIUS Server for ISA Authentication

How Authentication and Web Publishing Rules Work Together

ISA Server uses authentication to grant access to

publishing rules:

ISA Server uses authentication to grant access to

publishing rules:

When the publishing rule specifies a user set other

than the All Users group

Based on the Web listener authentication methods

specified for a Web publishing or secure Web

publishing rule

By processing the firewall rules in order of priority

When a firewall rule matches, but requires

authentication, ISA Server will prompt for

user credentials

When the publishing rule specifies a user set other

than the All Users group

Based on the Web listener authentication methods

specified for a Web publishing or secure Web

publishing rule

By processing the firewall rules in order of priority

When a firewall rule matches, but requires

authentication, ISA Server will prompt for

user credentials

ISA Server Web Publishing Authentication Scenarios

ISA Server and Web server

authentication

ISA Server and Web server

authentication

ISA Server authentication ISA Server

authentication

Web Server authentication Web Server

authentication

ISA Server ISA

Server

Using RADIUS for Authentication

Using RADIUS for authentication means that ISA Server can authenticate users based on their Active Directory credentials without requiring that the computer running ISA Server be a

member of an Active Directory domain

Using RADIUS for authentication means that ISA Server can authenticate users based on their Active Directory credentials without requiring that the computer running ISA Server be a

member of an Active Directory domain

RADIUS Client RADIUS Server

Domain

Controller

ISA Server ISA

Server

To implement RADIUS authentication:

Configure ISA Server to use the RADIUS server and configure a Web listener to use RADIUS authentication

Configure ISA Server to use the RADIUS server and configure a Web listener to use RADIUS authentication

3

Configure the Active Directory user accounts or configure remote access policies to enable dial-in access

Configure the Active Directory user accounts or configure remote access policies to enable dial-in access

Lab: Configuring Access to Internal Resources

Exercise 1: Configuring ISA Server Authentication and Secure Publishing Exercise 2: Testing the ISA