Contents
Overview 1
Introducing ISA Server 2
Using Caching 8
Using Firewalls 11
Deployment Scenarios for ISA Server 19
Review 24

Module 1: Overview of
Microsoft ISA Server



Information in this document is subject to change without notice. The names of companies,
products, people, characters, and/or data mentioned herein are fictitious and are in no way intended
to represent any real individual, company, product, or event, unless otherwise noted. Complying
with all applicable copyright laws is the responsibility of the user. No part of this document may
be reproduced or transmitted in any form or by any means, electronic or mechanical, for any
purpose, without the express written permission of Microsoft Corporation. If, however, your only
means of access is electronic, permission to print one copy is hereby granted.

Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual
property rights covering subject matter in this document. Except as expressly provided in any
written license agreement from Microsoft, the furnishing of this document does not give you any
license to these patents, trademarks, copyrights, or other intellectual property.

 2001 Microsoft Corporation. All rights reserved.

Microsoft, Active Directory, ActiveX, BackOffice, FrontPage, JScript, MS-DOS, NetMeeting,
Outlook, PowerPoint, Visual Basic, Visual C++, Visual Studio, Windows, Windows Media, and
Windows NT are either registered trademarks or trademarks of Microsoft Corporation in the
U.S.A. and/or other countries.

Other product and company names mentioned herein may be the trademarks of their respective
owners.


Module 1: Overview of Microsoft ISA Server iii


Instructor Notes
This module provides students with an introduction to Microsoft
®
Internet
Security and Acceleration (ISA) Server 2000 and defines the associated
functions and underlying concepts. The module is organized as a preview of the
course content and will be entirely lecture based.
After completing this module, students will be able to:

Explain the use of ISA Server.

Describe the use of Web caching.

Describe the use of firewalls.


Identify common deployment scenarios for ISA Server.

Materials and Preparation
This section provides the materials and preparation tasks that you need to teach
this module.
Required Materials
To teach this module, you need the Microsoft PowerPoint
®
file 2159A_01.ppt.
Preparation Tasks
To prepare for this module, you should:

Read all of the materials for this module.

Study the review questions and prepare alternative answers to discuss.

Anticipate questions that students may ask. Write out the questions and
provide the answers.

Review the ISA Server Web page (www.microsoft.com/isaserver/) for
updated information about ISA Server.

Read “Deployment scenarios” in ISA Server Help.

Read “ISA Server Usage Scenarios” in the white paper entitled “Internet
Security and Acceleration Server 2000 Installation and Deployment Guide”
under Additional Reading on the Trainer Materials compact disc.

Read the white paper titled “Internet Security and Acceleration Server 2000
Enterprise Edition: Deploying the Secure Firewall, Proxy, and Web Cache

at Microsoft” under Additional Reading on the Trainer Materials compact
disc.

Read RFC 2979, “Behavior of and Requirements for Internet Firewalls,”
under Additional Reading on the Trainer Materials compact disc.

Read RFC 2196, “Site Security Handbook,” under Additional Reading on
the Trainer Materials compact disc.

Read RFC 2504, “Users' Security Handbook,” under Additional Reading
on the Trainer Materials compact disc.

Read RFC 2828, “Internet Security Glossary,” under Additional Reading
on the Trainer Materials compact disc.

Presentation:
45 Minutes
iv Module 1: Overview of Microsoft ISA Server


Module Strategy
Use the following strategy to present this module:

Introducing ISA Server
Introduce ISA Server to students by briefly describing the product benefits.
Mention that the .NET Enterprise Servers animation is available on the
Student Materials compact disc.

Using Caching
Use the animated slide to describe the process that ISA Server uses to cache

Web content. Explain the three types of caching that ISA Server can use to
accelerate Web performance for both internal and external clients.

Using Firewalls
Discuss how a firewall protects the internal network from intruders on the
Internet by allowing only specific network traffic to come in to or to go out
of an internal network.
Describe the three types of firewall designs presented in the module.
Explain that this course uses the term perimeter network to refer to a
network that is separate from both the Internet and the private network and
that contains resources to make available to users on the Internet in a secure
manner. Because the terms DMZ and screened subnet are also commonly
used, tell students that these terms are interchangeable.
Ensure that students understand the terms and concepts associated with
controlling network access. These terms and concepts will be presented in
more detail throughout the course.

Deployment Scenarios for ISA Server
Before you discuss the different deployment scenarios, explain that the
examples that the module presents are just some of many possible scenarios.
Tell students that they can find more deployment scenarios in ISA Server
Help and in the printed product documentation.

Customization Information
This section identifies the lab setup requirements for a module and the
configuration changes that occur on student computers during the labs. This
information is provided to assist you in replicating or customizing Microsoft
Official Curriculum (MOC) courseware.
There are no labs in this module, and as a result, there are no lab setup
requirements or configuration changes that affect replication or customization.


Module 1: Overview of Microsoft ISA Server 1


Overview

Introducing ISA Server

Using Caching

Using Firewalls

Deployment Scenarios for ISA Server

*****************************
ILLEGAL FOR NON
-
TRAINER USE
******************************
The Internet enables organizations to connect with customers, partners, and
employees. Although this presents new business opportunities, it can also cause
concerns about security, performance, and manageability.
Microsoft
®
Internet Security and Acceleration (ISA) Server 2000 is designed to
address the needs of today’s Internet-enabled organizations. ISA Server
includes caching features that enable organizations to save network bandwidth
and provide faster Web access for users. ISA Server also includes a firewall
service that helps protect network resources against unauthorized access from
outside of the organization’s network, while enabling efficient authorized

access. Finally, ISA Server includes management and administration features
that enable organizations to centrally control and manage Internet use and
access.
After completing this module, you will be able to:

Explain the use of ISA Server.

Describe the use of Web caching.

Describe the use of firewalls.

Identify common deployment scenarios for ISA Server.

Topic Objective
To provide an overview of
the module topics and
objectives.
Lead-in
In this module, you will learn
about using ISA Server as a
cache server and as an
enterprise firewall.
2 Module 1: Overview of Microsoft ISA Server






Introducing ISA Server


ISA Server Editions

Benefits of ISA Server

Installation Modes

*****************************
ILLEGAL FOR NON
-
TRAINER USE
******************************
ISA Server is an enterprise firewall and cache server running on the Microsoft
Windows
®
2000 Server operating system that provides policy-based access
control, acceleration, and management of internetworking. ISA Server is
available in two editions that are designed to meet the business and networking
needs of your organization. Whether deployed as separate components or as an
integrated firewall and caching server, ISA Server provides organizations with a
unified management console that is designed to simplify security and access
management.
Topic Objective
To introduce ISA Server.
Lead-in
ISA Server provides benefits
and deployment options to
help organizations manage
Internet security and
access.

Module 1: Overview of Microsoft ISA Server 3


ISA Server Editions

ISA Server Standard Edition

ISA Server Enterprise Edition

*****************************
ILLEGAL FOR NON
-
TRAINER USE
******************************
ISA Server is available in two editions that are designed to meet the business
and networking needs of your organization.
ISA Server Standard Edition
The standard edition provides firewall security and Web caching capabilities for
small businesses, workgroups, and departmental environments. The standard
edition provides robust security, fast Web access, intuitive management, and
excellent price and performance for business-critical environments.
ISA Server Enterprise Edition
The enterprise edition is designed to meet the performance, management, and
scalability needs of high-volume Internet traffic environments with centralized
server management, multiple levels of access policy, and fault-tolerant
capabilities. The enterprise edition provides secure, scalable, and fast Internet
connectivity for mission-critical environments.
Topic Objective
To identify the ISA Server
editions.

Lead-in
ISA Server is available in
two editions that are
designed to meet the
business and networking
needs of your organization.
4 Module 1: Overview of Microsoft ISA Server


Benefits of ISA Server
Acceleration
Acceleration
Acceleration
Fast Web Access with a High-Performance Cache
Fast Web Access with a High-Performance Cache
Security
Security
Security
Secure Internet Connectivity Through a Multilayered
Firewall
Secure Internet Connectivity Through a Multilayered
Firewall
Management
Management
Management
Extensibility
Extensibility
Extensibility
Unified Management with Integrated Administration
Unified Management with Integrated Administration

Extensible and Open Platform
Extensible and Open Platform

*****************************
ILLEGAL FOR NON
-
TRAINER USE
******************************
ISA Server is a key member of the .NET Enterprise Server family. The
products in .NET Enterprise Server family are Microsoft’s comprehensive
family of server applications for building, deploying, and managing scalable,
integrated, Web-based solutions and services. ISA Server offers several benefits
to organizations that want fast, secure, and manageable Internet connectivity.

For more information about the .NET Enterprise Server family, view the
.NET Enterprise Servers animation, which is included on the Student Materials
compact disc.

Fast Web Access with a High-Performance Cache
ISA Server provides the following Web performance benefits:

Provides faster Web access for users by retrieving objects locally rather than
over a slower connection to the potentially congested Internet.

Reduces bandwidth costs by reducing network traffic from the Internet.

Distributes the content of Web servers and e-commerce applications
efficiently and cost-effectively to reach customers worldwide.



The capability for distributing Web content is available only in the ISA
Server Enterprise Edition.

Topic Objective
To describe the benefits
offered by ISA Server.
Lead-in
ISA Server offers an
organization several
benefits for Internet
connectivity.
Delivery Tip
To present more information
about the .NET Enterprise
Server family, play the .NET
Enterprise Servers
animation. The animation is
included on the Trainer
Materials compact disc.
Note
Note
Module 1: Overview of Microsoft ISA Server 5


Secure Internet Connectivity Through a Multilayered
Firewall
ISA Server provides the following security benefits:

Protects networks from unauthorized access by inspecting network traffic at
several layers.


Protects Web, e-mail, and other application servers from external attacks by
using Web publishing and server publishing to securely process incoming
requests to internal servers.

Filters incoming and outgoing network traffic to ensure security.

Enables secure access for authorized users from the Internet to the internal
network by using virtual private networks (VPNs).

Unified Management with Integrated Administration
ISA Server provides the following management benefits:

Controls access centrally to ensure and enforce corporate policies.

Improves productivity by limiting Internet use to approved applications and
destinations.

Allocates bandwidth to match business priorities.

Provides monitoring tools and produces reports that show how Internet
connectivity is used.

Automates commonly performed tasks by using scripts.

Extensible and Open Platform
ISA Server provides the following extensibility and customization benefits:

Addresses security and performance needs that are specific to an
organization by using the ISA Server Software Development Kit (SDK) for

in-house development of add-on components.

Extends security and management functionality with third-party solutions.

Automates administrative tasks with scriptable Component Object Model
(COM) objects.

6 Module 1: Overview of Microsoft ISA Server


Installation Modes

Cache Mode

Firewall Mode

Integrated Mode

Features Available with Each Mode

*****************************
ILLEGAL FOR NON
-
TRAINER USE
******************************
You can install ISA Server in three different modes: cache mode, firewall
mode, and integrated mode.
Cache Mode
In cache mode, you can improve network performance and save bandwidth by
storing frequently accessed Web objects closer to the user. You can then route

requests from clients to a cache server that holds the cached objects.
Firewall Mode
In firewall mode, you can secure network traffic by configuring rules that
control communication between an internal network and the Internet. You can
also publish internal servers, which enables an organization to share data on its
network with partners or customers.
Integrated Mode
In integrated mode, you can combine the firewall and cache services on a single
host computer. Although organizations can deploy ISA Server as a separate
firewall or as a separate caching server, you can combine the firewall and cache
server by choosing integrated mode. Many organizations can benefit from
unified administration of caching and firewall functions.
Topic Objective
To identify the installation
modes and associated
features of ISA Server.
Lead-in
There are three modes for
installing ISA Server.
Module 1: Overview of Microsoft ISA Server 7


Features Available with Each Mode
Depending on which mode you select, different features are available. The table
below lists the features that are available for the firewall and cache modes. In
integrated mode, all of the features are available.

Feature

Description

Firewall
mode
Cache
mode

Access policy Defines which protocols and Internet
content that clients who are located
behind an ISA Server computer can use
and which content they can gain access
to.
Yes HTTP
and FTP
only
Web caching Stores frequently retrieved Web objects
in random access memory (RAM) and
on the hard disk of an ISA Server
computer.
No Yes
VPNs Extend a private network by using links
across shared or public networks like the
Internet.
Yes No
Packet filtering Controls the flow of IP packets to and
from the external adapter of an ISA
Server computer.
Yes No
Application filters Perform protocol-specific or system-
specific tasks, such as authentication, to
provide an extra layer of security for the
firewall service.

Yes No
Web publishing Makes internal Web servers available to
external clients.
No Yes
Server publishing Makes internal application servers
available to external clients.
Yes No
Real-time
monitoring
Enables you to centrally monitor the
ISA Server computer activity, including
alerts, sessions, and services.
Yes Yes
Alerts Notify you when specific events occur
and execute corresponding actions.
Yes Yes
Reports Summarize and analyze the activity
occurring on one or more ISA Server
computers.
Yes Yes

Delivery Tip
Explain that the tasks
associated with each of
these features will be
presented during the
course.
8 Module 1: Overview of Microsoft ISA Server







Using Caching

The Caching Process

Types of Caching
Cache

*****************************
ILLEGAL FOR NON
-
TRAINER USE
******************************
Caching improves network performance by maintaining a cache of frequently
accessed Web objects. You can deploy ISA Server as a forward caching server
to improve the speed at which users on your internal network can access
Internet resources. You can also deploy ISA Server as a reverse caching server
to improve the speed at which external users can access selected Web resources
that you make available to the Internet. In addition, you can distribute the cache
across multiple ISA Server computers. By distributing the cache, a client can
access content from the ISA Server computer that is closest to the client.
Distributed caching also provides load balancing and fault tolerance in a
network that has multiple ISA Server computers.
Topic Objective
To introduce the topics
related to the use of
caching.

Lead-in
ISA Server caching
improves network
performance by maintaining
a cache of frequently
accessed Web objects.