Add-ins: Concepts

Security policies and implementation vary from organization to organization. Traffic volume and content formats also pose unique concerns. Because one product or vendor cannot meet all of the security and performance needs of a large organization, Microsoft Internet Security and Acceleration (ISA) Server 2006 is highly extensible. ISA Server includes a comprehensive software development kit (SDK) for custom development. Also, a large number of independent vendors offer compatible and complementary solutions that extend ISA Server and integrate with ISA Server. These third-party offerings include content security tools, such as virus scanning and lexical analysis, and management tools, such as real-time monitoring, remote administration, site blocking, Uniform Resource Locator (URL) categorization, reporting, and more. The ISA Server SDK includes full API documentation, step-by-step directions, and examples of source code for developing extensions and add-in components.

ISA Server uses these extensibility mechanisms:

• Extensible administration. You can write scripts or management tools using the administrative Component Object Model (COM) object, with programmatic read/write access to all management options.
• Application filters. You can develop application filters that intercept, analyze, or modify any data stream.
• Web filters. You can create Web filters, based on Internet Server API (ISAPI), for viewing, analyzing, blocking, redirecting, or modifying Hypertext Transfer Protocol (HTTP) and File Transfer Protocol (FTP) traffic.
• Extensible user interface. You can extend the ISA Server interface with Microsoft Management Console (MMC) snap-ins.
• Extensible alerts. You can define new events and scripts that are automatically launched in response to events.
• Extensible storage. You can register additional information for storage with ISA Server configuration, which centralizes management of add-in filters and tools.

Installing add-ins

Application filters and Web filters developed by third-party vendors can be installed on the ISA Server computer. For ISA Server 2006 Enterprise Edition, when you install add-ins in an enterprise environment, be sure to install the add-ins on each member of the array. To avoid installation issues, do not install the add-ins on the array members simultaneously.

For ISA Server 2006 Enterprise Edition, array and enterprise administrators can install and register add-ins on the ISA Server computer. The ISA Server administrator does not need to belong to the Administrators group of the local computer. When the array or enterprise administrator registers the add-in, the add-in is loaded to the Microsoft Firewall service process, which runs under the Network service account.

Enterprise-level add-ins

ISA Server 2006 Enterprise Edition only

Add-ins can be configured at the enterprise level and at the array level. When an add-in is enabled at the enterprise level, it is also applied to each array. When an add-in is disabled at the enterprise level, the add-in can be enabled by the array administrator for each array. Add-ins enabled at the enterprise level cannot be disabled at the array level.

---

Get latest ISA Server content at ISA Server Guidance. Send feedback about this page.

• English-to-Russian translation