Microsoft Internet Security and Acceleration Server 2004 SDK

Server View

ISA Server works at various communication layers to protect the corporate network. At the packet layer, ISA Server implements packet filtering. Data then passes to the Firewall and to the Web proxy, where ISA Server rules are processed to determine if the request should be serviced.

The following figure shows in detail the architecture of the ISA Server array.

An ISA Server may be included in an array, to allow for load balancing and fault tolerance. This is described further in the Internet Security and Acceleration Server 2004 product documentation. The following explanation focuses on the architecture of a single ISA Server. The server includes these components:

ISA Server also makes use of the bandwidth control of Quality of Service (QoS) in Windows 2000. QoS is a collection of components that manages bandwidth use for a network. ISA Server applies QoS to connections according to rules established by the ISA Server administrator.

As shown in the diagram, ISA Server protects three types of clients:

Note  Firewall client and SecureNAT clients are mutually exclusive — that is, a client computer cannot be both a Firewall client and SecureNAT client. However, Firewall client computers and SecureNAT client computers might also be Web proxy clients. If the Web application on the computer is configured explicitly to use the ISA Server, then all Web requests (HTTP, FTP, HTTP-S, and Gopher) are sent directly to the Web proxy. All other requests are handled first by the Firewall service.