Network View

Microsoft Internet Security and Acceleration Server 2000

Network View

The following figure shows the architecture of ISA Server on the network scale.

ISA Server is typically configured on a computer with two network interfaces. One network interface connects directly to the private network, while the other interface connects to the public Internet. The interfaces can be any type that permits protocol bindings. On a local area network (LAN), for example, Ethernet, token ring network, or Attached Resource Computer Network (ARCnet) is commonly bound to Transmission Control Protocol/Internet Protocol (TCP/IP) or NetBIOS Enhanced User Interface (NetBEUI). An Internet connection might use a modem, Integrated Services Digital Network (ISDN), or network interface that connects to a router that connects to the Internet.

At the center of ISA Server is the administrator's computer. The administrator's computer links the functionality of the ISA Server, the Active Directory™ in Microsoft® Windows® 2000, and the ISA Component Object Model (COM) object. The administrator can also manage clients from a remote location by using either ISA Management or scripting. For information on ISA Management, see the ISA product documentation. For more information on scripting, see ISA Administration Scripting.

Note Enterprise Edition arrays use Active Directory. A stand-alone enterprise server, or a Standard Edition server, would be registry-based. For more information on the two editions, see Enterprise Edition and Standard Edition.

The administrator's tasks include establishing ISA Server rules and policies, and configuring the cache. ISA Server rules determine how ISA Server clients communicate with the Internet and the type of communication that is allowed. These rules also determine how servers on your local network communicate with Internet users. A policy consists of site and content rules, protocol rules, Web publishing rules, and IP packet filters.

A policy can be applied at the array level or the enterprise level. The enterprise consists of all the arrays in the network. Enterprise policies can be applied to all or some of the arrays in the enterprise. In addition, an array policy may apply to one or more arrays. For more information, see the ISA product documentation.

Four items are shown in the network view figure:

The remote computer from which an administrator administers ISA Server.
The ISA Server array, consisting of at least one computer. The ISA Server array is shown in the Server View figure.
Active Directory, located on a separate computer. Active Directory stores information about all the objects on a network, including users and computers, and stores enterprise and domain-array policy and registration information related to ISA and its extensions. Active Directory distributes that information throughout the network. The registry on the ISA computer can perform these functions where Active Directory is not in use.
For more information, see Active Directory in the Windows 2000 documentation.
The clients and servers that use the ISA Server firewall and cache capabilities.

You can programmatically perform or automate ISA administration tasks by accessing the ISA COM objects. For more information, see ISA Administration Scripting.