Lesson: Planning an ISA Server 2004 Enterprise Edition Deployment © ISA Server Enterprise Edition Deployment Scenarios © Planning the Configuration Storage Server Deployment © Planni
Trang 2© Overview of ISA Server 2004 Enterprise Edition
© Planning an ISA Server 2004 Enterprise Edition
Deployment
© Implementing ISA Server 2004 Enterprise Edition
Trang 3Lesson: Overview of ISA Server 2004 Enterprise Edition
© Why Deploy ISA Server Enterprise Edition?
© What Is Active Directory Application Mode?
© What Is a Configuration Storage Server?
© What Are Enterprise Policies?
© What Are Enterprise Networks?
© What Are Arrays and Array Policies?
© What Are Effective Policies?
© How Enterprise Edition Integrates with Network Load Balancing
© How Enterprise Edition Enables Virtual Private Networking
© How Enterprise Edition Enables Distributed Caching Using CARP
Trang 4
Animation - Comparing ISA Server 2004 Enterprise
Edition and Standard Edition
Trang 5
Why Deploy ISA Server Enterprise Edition?
© Easier management of multiple-server deployments
© More scalable Web proxy caching
© More scalable and fault-tolerant deployments
Trang 6What Is Active Directory Application Mode?
Ác
_Active Directory Application Mode:
`
© Is a Special mode of the Active Directory directory service
© Is an LDAP-compatible directory that does not require
© ADAM is installed when you install Configuration Storage
server
© You use ISA Server Management to manage the directory
information stored in ADAM
\
Trang 7
What Is a Configuration Storage Server?
Trang 8What Are Enterprise Policies?
© An ordered set of access rules and policy elements
defined at the enterprise level
© You can configure enterprise polices to be applied before
or after the array policy
© Configure policy elements that can be used when
configuring enterprise or array rules
Trang 9
What Are Enterprise Networks?
To use enterprise networks, you Can:
© Use the predefined enterprise networks, which are
associated with array networks of the same name
© Define enterprise rules using enterprise networks
© Use enterprise networks to enable communication
Trang 10What Are Arrays and Array Policies?
ọ
Array policy definition
© Aset of access rules and publishing rules applied to all array
members
© Anarray policy definition includes:
Policy elements that can define array rules
Array networks that define network configuration options
Trang 11
What Are Effective Policies?
Ác
Definition
© The resultant policy applied to an array member after the system
policy, enterprise policy and the array policy rules are evaluated based
© Enterprise policy rules applied before array firewall policy
Allow HTTP and HTTPS access to the Internet for all users
© Branch office array firewall policy rules
Allow all protocol access from the Internal network to the Internet for all authenticated users
Allow DNS protocol traffic from branch-office DNS servers
© Enterprise policy rules applied after array firewall policy
Enable DNS protocol traffic from main-office DNS servers
Trang 12
How Enterprise Edition Integrates with Network Load
© ISA Server provides NLB health monitoring
© Each network in an array can be configured for NLB
© ISA Server enables single affinity so clients always
connect to the same ISA Server computer
© ISA Server supports bi-directional affinity for front-
end/back-end firewall scenarios
Trang 13
How Enterprise Edition Enables Virtual Private Networking
Network load balancing can be integrated with virtual
private networking to enable:
© Network load balancing for remote access VPNs
The VPN clients must connect to the shared IP address
© Network load balancing for site-to-site VPNs
The remote-site VPN server must connect to the shared
Trang 14How Enterprise Edition Enables Distributed Caching
Using CARP
CARP enables distributed caching:
© Without duplication of cache content
© Without network traffic between ISA Server computers
© That can adjust to the addition or removal of array members
© That evenly distributes the cache or distributes the cache
based on load factors
CARP works by:
le Using a script on the Web client that selects the ISA Server
computer that will cache the Web content
© Using a script on the ISA Server computer to redirect client
requests to the ISA Server compute that will cache the Web
Trang 15Lesson: Planning an ISA Server 2004 Enterprise Edition Deployment
© ISA Server Enterprise Edition Deployment Scenarios
© Planning the Configuration Storage Server Deployment
© Planning Enterprise and Array Policy Configuration
© Planning for Centralized Monitoring and Management
© Migrating from ISA Server 2000 Enterprise Edition
Overview
Trang 16
ISA Server Enterprise Edition Deployment Scenarios
© Use centralized management using arrays
© Implement Network Load Balancing
Deploy ISA Server computers in a branch office to:
Trang 17Planning the Configuration Storage Server Deployment
Install the Configuration Storage server in a domain
Trang 18
Planning Enterprise and Array Policy Configuration
Guidelines for planning enterprise and array policies:
1 | Create an enterprise policy for each unique type of array
configure array level rules
5 When you create an array, choose what types of rules
can be created at the array level
publishing-rule requirements for the array
Trang 19
Planning for Centralized Monitoring and Management
Choose a remote administration option: either Remote
Desktop or ISA Server Management
Assign administrators to array administrative roles
Trang 20
Migrating from ISA Server 2000 Enterprise Edition Overview
© Use the ISA Server Migration Wizard to export the ISA
Server 2000 configuration to an xml file
© Install Configuration Storage server
© Import the xml configuration file into the Configuration
You can also upgrade individual ISA Server 2000 computers to
ISA Server 2004 after you deploy the Configuration Storage
server
Trang 21Lesson: Implementing ISA Server 2004 Enterprise Edition
La
© Requirements for Installing Enterprise Edition
© ISA Server Enterprise Edition Implementation Overview
© How to Install Configuration Storage Server
© How to Configure Enterprise Policies and Networks
© How to Configure Arrays and Array Policies
© How to Install ISA Server 2004 Enterprise Edition
© How to Configure an ISA Server Management Computer
+
Trang 22Requirements for Installing Enterprise Edition
-
Configuration Storage v
Server
ISA Server services v
Firewall Client Share Nó v v
Hardware requirements:
© Anetwork adapter for each connected network
© A network adapter for intra-array communication is recommended if
you implement NLB
© 150 MB of disk space plus space for caching and logging
Trang 23
ISA Server Enterprise Edition Implementation Overview
enterprise networks, as well as the required arrays and
array policies
3 Install additional Configuration Storage servers
4 | Install ISA Server services on one or more computers
Trang 24
How to Install Configuration Storage Server
( Install ISA Server services
The computer will be an 154 Server array member running I54 Server services
Mee CAR rie aati Installation Wizard x!
The computer will store the configurat
computers will connect to this server t The selected features will be installed
Component Selection
The computer will be an IS4 Server ar
=3 ~ | 154 Server Management j= Microsoft ISA Server 2004 Beta - Installation Wizard Xi
bl Management re = reel lent Installation 5 Enterprise Deployment Environment
J CC U MMMMMqyso -3 x | Configuratian 5tarage ser ee ñre your I5A Server enterprise computers deplayed in a single domain or across trusted tha ven
(* 7 am deploying in a single domain or in domains with trust relationships:
Select this option if all your IS4 Server computers and Configuration Storage servers are
in the same domain or in domains with trust relationships
DD This setting may be modified after Setup For details, see the Getting Started Guide
< Back | Next > | Cancel
Trang 25
Practice: Installing Configuration Storage Server
<
Trang 26How to Configure Enterprise Policies and Networks
Trang 27How to Configure Arrays and Array Policies
Main/Back-End ñrray Properties ?| xị
Configuration Storage Intra-Array Credentials | Assign Roles |
General Policy Settings
— Applied Enterprise Policy
Select the enterprise policy that will be ap Configuration Storage Inta-Aray Credentials | Km |
- Main/Back-End ñrray Properties ?| xị Specify the Configuration Storage server user = Lett configuration When the specified server is ul
only Access rules for this policy s
Array Firewall Policy Configuration Storage server [computer name
Specify which credentials an array member should use when
Array Firewall Policy Flule Types Alternate Configuration Storage server (optior
Select which types of rules can be create (* ‘Authenticate using the computer account of the array member
policy: |
a " : : ' 4, computer account can only be used when array
I¥ "Allow" access rules [3 seconds | |
J#Z Publishing rules ("Denw" and "Allnw'"
— ° ( 7 } Select the authentication type used for conne mac i c Authenticate using this account (for workgroup configuration only]
Help about array policy windows authentication |
1 ) To save these settings, this computer the specified Configuration Storage st
Trang 28Practice: Configuring Enterprise and Array Policies
Trang 29How to Install ISA Server 2004 Enterprise Edition
j= Microsoft ISA Server 2004 Beta - Installation Wizard
Locate Configuration Storage Server
Specify the Configuration Storage server and the credentials for connecting to
the server
Configuration Storage server (type the FQI [Microsoft ISA Server 2004 Beta - Installation Wizard x|
|den-dc-01 ,cnohovineward.com Array Membership
- Connection Credentials ——— Select the array membership For this I54 Server computer
(* Connect using the credentials of the
® Create anew array
c :
eee Lea ea Create a new array and add this IS4 Server computer to that array To create
User name: -— an array, you must have ry Microsoft IS4 Server 2004 Beta - Installation Wizard
array, you must have ISé
Êsssseseessse VN son ssssssoses55522
Trang 30How to Configure an ISA Server Management Computer
Configuration Storage Server Location
Specify the Configuration Storage server you will connect to For managing the
154 Server 2004 enterprise
Specify the location of the Configuratj
Configuration Storage Server Connection Wizar d
ñrray Connection Credentials Specify if the same or different credentials should be used to connect to the ISA
© On remote computer (remote man Server array members,
Enter the computer address or Full
ISA Server Management requires add l l l l
Note that for monitoring array
be added to the Remote Mang
Configuration Storage server Credentials Specify which credentials should be used to connect to the Configuration Storage server,
Connect to the array of 154 Server ca
(®) The same credentials used to conr
© Different credentials
Connect to the Configuration Storage server using:
@) Credentials of the logged-on user
©) Credentials of the Following user: