When Microsoft released Internet Security and Acceleration (ISA) Server 2000 in late 2000 as a successor to Microsoft Proxy Server 2.0, the new product positioned the company as a serious contender in the network security market. As a Web-caching proxy server and firewall, ISA Server filters several layers of Open Systems Interconnection (OSI) model traffic (for information about the various types of firewall filtering, see the sidebar "Types of Firewall Filters," page 40). ISA Server also supports server publishing and can be part of a VPN solution. Given these capabilities, several respected security audit teams have identified ISA Server post-Service Pack 1 (SP1) and later versions as a first-rate network defense tool.
To build on this solid foundation, Microsoft has partnered with dozens of companies to enhance ISA Server's capabilities through third-party products. (The complete partner list is available at http://www.microsoft.com/isaserver/partners/default.asp.) Many of these third-party products enhance performance, ease monitoring and administration, and improve or add security features. Let's look at just a small cross-section of these ISA Server add-ons.
Performance Enhancements
ISA Server performance-enhancing add-ons improve on Microsoft's already strong caching, load balancing, and fault tolerance feature sets. In addition, you can improve performance by off-loading security processing to an add-on processor. Performance add-ons fall into three categories: caching, high availability and load balancing, and Secure Sockets Layer (SSL) acceleration and key management.
Caching. ISA Server comes with its own configurable, high-performance HTTP, FTP, and Gopher caching algorithms. As a result, many third-party caching add-ons focus on a particular niche. For example, Chutney Technologies' Chutney Apptimizer (formerly called PreLoader) increases ISA Server's throughput of Web applications traveling to and from the end user. Apptimizer consists of a library of runtime APIs that you include in the Web application coding. The Apptimizer database engine caches Web content and acts as a fast intermediary between the end user and Web server. With its new Simple Object Access Protocol (SOAP) 3 support, Apptimizer is ready for Web services.
High availability and load balancing. You can cluster multiple ISA Server systems for load balancing and fault tolerance. Third-party products typically offer more load-balancing algorithms; fast, specialized processors; secondary RAM caches; and other security features. F5 Networks' BIG-IP switches are external devices that provide load balancing, fault tolerance, and SSL acceleration for traffic in OSI model layers 4 through 7. BIG-IP switches work with any IP traffic, not just Web traffic, and use rules and scripting to let administrators customize load balancing. Several BIG-IP products are available, the fastest of which provides 2.5GHz of processing power.
Radware refers to its FireProof enterprise security product as a security application switch. FireProof is an external layer-4-through-7 switch built to load balance, optimize, and provide high availability for firewalls, VPN systems, and gateways. FireProof has five different load-balancing routines, including one that can poll ISA Server boxes for six predefined variables to determine optimization. Radware says one FireProof device can support up to 100 ISA Server systems and offers limited intrusion detection and protection against Denial of Service (DoS) attacks.
Rainfinity's RainConnect provides load balancing and failover redundancy on networks with two or more ISP connections. You can deploy the software on a standalone server or on top of ISA Server. RainConnect sends unsophisticated Ping (Internet Control Message Protocol, or ICMP, echo) test packets to predefined hosts to monitor the health of each connection. As with most other fault-tolerance products discussed in this review, the active connections running on the broken link are lost during a failover event but can be reconnected over other available links.
Another Rainfinity product called RainWall can be installed on an existing ISA Server system within an ISA Server cluster to provide high availability and load balancing. RainWall deploys virtual IP (VIP) addresses on each server's interface and monitors each server's health, including the status of ISA Server and RRAS services. When a server or monitored service fails, RainWall automatically fails that server over to another ISA Server node. RainWall also handles administrative shutdowns for maintenance work and brings the server back into the cluster automatically when the administrator restarts it. You use a Microsoft Management Console (MMC) snap-in to administer both RainConnect and RainWall.
Stonesoft's StoneBeat FullCluster for ISA Server provides load balancing and high availability between multiple ISA Server boxes. The software distributes loads according to process utilization and packet throughput. StoneBeat FullCluster for ISA Server uses a customizable test subsystem located on each participating node to monitor server health. Remote administrators can use an SSL-encrypted Java client to securely manage the product.