Managing ISA Server in the Enterprise

Managing and Configuring ISA Server Arrays

The ISA Server Enterprise Edition provides integration with the Active Directory and additional benefits and features such as centralized server management, multiple levels of access policy, server clustering through arrays, fault-tolerant, and the increased efficiencies of hierarchical and distributed caching. The ISA Server Enterprise Edition uses Cache Array Routing Protocol (CARP) to provide scaling and improve efficiency. When you install multiple ISA Server computers, ISA Servers are automatically installed in arrays. The array of ISA Servers is then treated as a single logical cache. A hashing algorithm determines the location for storage, and hash-based routing is used to retrieve the location of the stored object when requests are made.

The ISA Server Enterprise Edition enables administrators to arrange individual ISA Server computers or arrays of ISA Servers hierarchically. This process is also referred to as chaining. Requests are then sent upstream through the chain of servers until the object which was requested is located. Chaining provides fault tolerance. Content can be distributed to multiple locations without making requests on the Internet.

With ISA Server Enterprise Edition, you can structure and manage multiple tiers of ISA servers:

• Multiple arrays of ISA servers can be deployed.

• You can configure and apply enterprise level policies to arrays of ISA servers.

• You can configure multiple enterprise level policies.

You can configure a policy for an ISA Server array or an ISA Server Enterprise. The different policy-based rules that you can configure are:

• Bandwidth rules; used to define priorities for requests, based on:

  • Protocol definitions

  • Destination sets

  • Client address set

  • Content group

  • Required priority

• Protocol rules; used to define which protocols clients can use to access the Internet.

• Site and content rules; used to define which sites and content can be accessed.

As mentioned previously, enterprise level policies can be created and be assigned to specific ISA Server arrays. The steps you have to perform to manage distributed arrays of ISA servers are listed here:

• Create enterprise policies.

• Assign the enterprise policies to the array.

• Create rules and apply filters at the enterprise policy level.

• Create rules and apply filters at the array level.

The different policy scope that can be defined and assigned to an array is listed below:

• Combined Array and Enterprise Policy: Here, management is typically divided between enterprise level policies and array level policies.

• Enterprise Policy Only: Policies are configured and applied at the enterprise level. The very first enterprise level policy is created when you install the first ISA Server array. It is created when you run the ISA Server Enterprise Initialization process to add the ISA Server classes and attributes to Active Directory. ISA Server is installed as a standalone server if you have not run the ISA Server Enterprise Initialization process to update the Active Directory schema. If you have run the ISA Server Enterprise Initialization process to update the Active Directory schema, then you can choose the array that should be joined. To initiate the ISA Server Enterprise Initialization process, you have to be a member of Enterprise Administrators and Schema Administrators.

• Array Policy Only: Configured enterprise level policies define control at the array level. If you create Array Policy Only policies, then all rules are written at the array level. Policies that are created are applied to all ISA servers within the array.

When planning to deploy ISA Server arrays, consider the followin important factors:

• You have to create a Windows Server 2003 domain or a Windows 2000 domain if you want to install ISA Server arrays.

• When it comes to ISA Server arrays and Windows NT 4.0 domains, ISA Server arrays have to be installed on a Windows 2000 domain or later. If you have to support Window NT 4.0 clients, you can use an Active Directory trust relationship to join the Windows 2000 domain to the Windows NT 4.0 domain.

• When you are migrating a Proxy Server array, then you have to first remove all array members from the Proxy Server array. When you run ISA Server Setup, you have to create an ISA Server array and then move each of the removed Proxy Server array members to the ISA Server array.

• If migrating a Proxy Server array to an ISA Server array, your enterprise policies will determine how Proxy Server settings are migrated.

When arrays of ISA servers are deployed, you manage ISA Server by:

• Create ISA Server arrays.

• Define and assign enterprise policies to arrays.

• Define policies.

• Promote standalone servers to array server membership.

• Backup your array and enterprise configurations. Array configuration includes:

  • Policy settings

  • Access policy rules.

  • Publishing rules.

  • Cache configuration settings.

  • Array properties settings

  • Alert configuration settings

• You should back up your array configuration when either of the following events occurs:

  • Change the installation mode of the array.

  • Modify enterprise policy settings.

  • Rename a server within the array

  • Add/remove servers from the array.

  • Add/remove Web filters.

  • Change the location of the ISA Server cache.

  • Change the size of the ISA Server cache.

How to run ISA Server Enterprise Initialization

1. Apply the latest Windows service packs and security updates.

2. Apply the latest ISA Server 2000 service pack.

3. Place the ISA Server Enterprise Edition CD-ROM in the CD-ROM drive.

4. On the Microsoft ISA Server Setup screen, select the Run ISA Server Enterprise Initialization option.

5. If this is the first ISA Server in the forest, click Yes to the ISA Enterprise Initialization message that appears, stating that the ISA Server schema will be installed to Active Directory and that this process cannot be reversed.

6. The ISA Enterprise Initialization dialog box presents the following options:

1. • Use Array Policy Only option.

1. • Use This Enterprise Policy option: If you select this option, you have to enter the enterprise policy name in the provided textbox. You also have the option of selecting the Allow array-level access rules that restrict enterprise policy checkbox.

7. Select the Use Array Policy Only option.

8. Select the Allow Publishing Rules checkbox if you want to publish your internal servers and enable external clients to access them.

9. Uncheck the Force Packet Filtering On The Array checkbox. Leaving the checkbox enabled results in packet filtering always being enabled for the ISA Server arrays within the enterprise.

10. Click OK.

11. The ISA Enterprise Initialization progress message is displayed next. The message indicates that the ISA Server schema has extended the Active Directory schema. You can now configure ISA Server as a member of the array.

12. Click OK.

How to create a new array

1. Open the ISA Management console.

2. Right-click the Servers and Arrays node and then click New Array from the shortcut menu.

3. Provide the name of the new ISA Server array and then click Next.

4. Specify the name of the domain for the server on the Domain Name page and then click Next.

5. On the Create Or Copy An Array page, choose whether to create a new array or whether the configuration of an existing array should be used. Click Next.

6. If you have chosen to create a new array, choose the desired settings on the Enterprise Policy Settings page:

   • Do Not Use Enterprise Policy

   • Use Default Enterprise Policy Settings

   • Use Custom Enterprise Policy Settings

7. Click Next.

8. On the Array Policy Options At Enterprise Level page, choose the array policy options at the enterprise level:

   • Allow Publishing Rules To Be Created On The Array

   • Force Packet Filtering On The Array

9. Click Next.

10. On the Array type page, choose the array type.

    • Cache only

    • Firewall only

    • Integrated.

11. Click Next.

12. Click Finish.

How to promote a standalone server to array membership

1. Open the ISA Management console.

2. Right-click the applicable server and then click Promote from the shortcut.

3. Click Yes, to the message needing verification that the server should be promoted to array membership.

4. The Enterprise Policy Settings dialog box opens.

5. Select either of the following options:

• Use Default Enterprise Policy Settings

• Use Custom Enterprise Policy Settings

6. If you have selected the Use Custom Enterprise Policy Settings option then select one of the following options:

• Use Array Policy Only
• Use This Enterprise Policy

7. If you have selected the Use This Enterprise Policy option, then you must choose one of, or both of the following options:

8. If you have selected the Use Custom Enterprise Policy Settings option, then you can enable/disable the Allow Publishing Rules To Be Created On The Array checkbox.

9. You can also enable/disable the Force Packet Filtering On The Array checkbox.

10. Click OK.

How to back up array configuration information

1. Open the ISA Management console.

2. Right-click the ISA Server array that you want to back up and then select Back Up from the shortcut menu.

3. The Backup Array dialog box opens.

4. Enter the location where the backup should be stored in the Store Backup Configuration In This Location textbox.

5. Provide a name for the array configuration backup file.

6. In the Comment box, you can enter a comment for the backup file.

7. Click OK.

8. The Backup Array message box is displayed once the backup completes.

9. Click OK.

How to restore array configuration information

1. Open the ISA Management console.

2. Navigate to and right-click the array that you want to restore and then select Restore from the shortcut menu.

3. Click Yes to the warning displayed, stating that your existing array configuration information will be overwritten.

4. The Restore Array dialog box opens.

5. Enter the location and name of the backup file in the Restore Array Configuration From The Following Backup (.bif) File textbox.

6. Click OK.

7. The Restore Array message box is displayed once the restore process completes.

8. Click OK.

How to create an enterprise policy

1. Open the ISA Management console.

2. Navigate to and expand the Enterprise node.

3. Right-click the Policies node and select New and then Policy from the shortcut menu.

4. The New Enterprise Policy Wizard launches.

5. Follow the various prompts of the wizard to create your enterprise policy.

How to apply the enterprise policy of an array

1. Open the ISA Management console.

2. Right-click the array and then select Properties from the shortcut menu.

3. Click the Policies tab.

4. Select the Use Custom Enterprise Policy Settings option.

5. Select the enterprise policy that you want to apply to the array.

6. Click OK.

How to configure default enterprise policy settings

1. Open the ISA Management console.

2. Navigate to and expand the Enterprise node.

3. Right-click the Enterprise node and select Set Defaults from the shortcut menu.

4. The Set Defaults dialog box opens.

5. If you only want array policy applied to the ISA Server array, select the Use Array Policy Only option.

6. If you only want enterprise policy applied to the ISA Server array, select the Use Enterprise Policy Only option.

7. After selecting the Use This Enterprise Policy option, select the enterprise policy that should be applied to the array.

8. If you want array level policy rules to restrict enterprise policy, enable the Allow Array-level Access Policy Rules That Restrict Enterprise Policy checkbox.

9. Click OK.

How to back up enterprise configuration information

1. Open the ISA Management console.

2. Right-click the Enterprise node and then select Back Up from the shortcut menu.

3. The Backup Enterprise Configuration dialog box opens.

4. Enter the location where the backup should be stored in the Store Backup Configuration In This Location textbox.

5. Provide a name for the enterprise configuration backup file.

6. In the Comment box, you can enter a comment for the backup file.

7. Click OK.

8. The Backup Enterprise Configuration message box is displayed after the backup has completed successfully.

9. Click OK.

How to restore enterprise configuration information

1. Open the ISA Management console.

2. Navigate to and right-click the Enterprise node and then select Restore from the shortcut menu.

3. Click Yes to the warning displayed, stating that your existing configuration information will be overwritten.

4. The Restore Enterprise Configuration dialog box opens.

5. Enter the location and name of the backup file in the Restore Enterprise Configuration From The Following Backup (.bif) File textbox.

6. Click OK.

7. The Restore Enterprise message box is displayed once the restore process completes.

8. Click OK.

How to enable Cache Array Routing Protocol algorithm (CARP)

1. Open the ISA Management console.

2. Right-click the ISA Server array which you want to configure and then select Properties from the shortcut menu.

3. Click the Incoming Web Requests tab and enable the Resolve Requests Within Array Before Routing checkbox.

4. Alternatively, click the Outgoing Web Requests tab and then enable the Resolve Requests Within Array Before Routing checkbox.

5. Click OK.

How to configure intra-array communication

1. Open the ISA Management console.

2. Select the Computers node.

3. Right-click the server which you want to configure and then select Properties from the shortcut menu.

4. Click the Array Membership tab.

5. Enter the intra-array IP address.

6. Click OK.

How to configure the load factor

1. Open the ISA Management console.

2. Select the Computers node.

3. Right-click the server which you want to configure and then select Properties from the shortcut menu.

4. Click the Array Membership tab.

5. Enter the load factor in the Load Factor box.

6. Click OK.

How to configure DNS servers for an array

1. Click Start, Administrative Tools, and then open DNS management console.

2. Expand the Forward Lookup Zones node

3. Right-click the domain which hosts the ISA Server array, and then select New Host from the shortcut menu.

4. The New Host dialog box opens.

5. Enter the DNS computer name for the ISA Server array in the Name textbox.

6. Enter the IP address of the new host in the IP Address textbox.

7. Click the Add Host button.

8. The new host record is added to the zone.

9. Use the same process to configure each ISA Server computer.

How to plan Network Load Balancing (NLB) for ISA Server

You can utilize the process below as a guideline for planning Network Load Balancing (NLB) for ISA Server:

• Check that each ISA server in the cluster is configured with the same mode.

• Assign a unique IP address to the cluster.

• Assign a fully qualified domain name for the IP address. The primary network address of the internal interface adapter of the ISA Server computer uses this address. You have to configure the same primary address for each ISA Server computer.

• Set the priority for each ISA Server computer in the cluster.

• Configure the dedicated IP address as the IP address of the ISA Server's internal network adapter.

How to configure the NLB interface

1. Access the properties page of the internal interface network adapter.

2. In the Components Checked Are Used By This Connection: box, select the Network Load Balancing checkbox

3. Click Properties.

4. The Network Load Balancing Properties dialog box opens.

5. On the Cluster Parameters tab, enter the following settings for the cluster

   • Primary IP address of the cluster.

   • Subnet mask.

   • Full Internet name.

   • Remote password

6. Click the Host Parameters tab and enter the following settings for the cluster

   • Priority.

   • Dedicated IP address.

7. Click OK in the Network Load Balancing Properties dialog box.

8. Click OK.