MCSE ISA Server 2000- P4

Chia sẻ: Cong Thanh | Ngày: | Loại File: PDF | Số trang:30

0
81
lượt xem
8
download

MCSE ISA Server 2000- P4

Mô tả tài liệu
  Download Vui lòng tải xuống để xem tài liệu đầy đủ

MCSE ISA Server 2000- P4: These books include a large amount and different kinds of information. The many different elements are designed to help you identify information by its purpose and importance to the exam and also to provide you with varied ways to learn the material.

Chủ đề:
Lưu

Nội dung Text: MCSE ISA Server 2000- P4

  1. Chapter 2 PLAN BEFORE ACTING: PREINSTALLATION ACTIVITIES 63 You need to know or arrange for name resolution for these servers either by hosting your own DNS servers or outsourcing name reso- lution with your ISP. If you will be managing your own DNS servers for purposes of Internet name resolution, be sure that you have taken the appropriate steps to establishing those DNS servers con- nectivity with the Internet. Establishing a Connection After you have configured the Windows 2000 server on which you will be installing ISA Server, test Internet connectivity. You may be able to ping your ISPs router from the server, or request that the ISP provide you with other tools or evidence of connectivity. Verify Name Resolution Verify DNS name resolution. Finally, use a browser to test name resolution to the Internet. From a browser on the Windows 2000 server, enter a Web site URL. If the home page is loaded, you are successfully reaching the Internet and DNS is providing name resolution. Routing rules on the ISA Server will configure and secure routing between the external network and servers on the internal network. If the ISA Server IP address is registered in external DNS server, you should test name resolution from the Internet to the ISA server. Although the ISA server is not installed and configured to forward requests to internally published server, you can verify that the server URL is resolving to the address of the ISA Server.
  2. 64 Par t I INSTALLATION AND UPGRADE CHAPTER SUMMARY Computer spec’d, configured, and installed? Internet connectivity KEY TERMS established and tested? Preparations for a smooth transfer locked and • Identd loaded? This chapter detailed the steps to do so. Head on to the next • Schema Admin Chapter to install ISA. • Enterprise Admin • Internet Connection Sharing • IPSec • L2TP • SNMP • Computer browser service • Fax service • License logging service • Distributed file system service • Distributed link tracking service • SMTP service
  3. Chapter 2 PLAN BEFORE ACTING: PRE-INSTALLATION ACTIVITIES 65 A P P LY Y O U R K N O W L E D G E Exercises 5. You want to provide an IPSec/L2TP VPN tunnel on the ISA Server. Management speculates that this will produce a bottleneck. What will you say? 2.1 Install and Configure Windows 2000 As this chapter emphasized, there are several steps to take prior to installing ISA Server. You will want to fol- low the recommendations detailed in this chapter to Exam Questions setup Windows 2000 to server as the ISA Server host. 1. The following services should be enabled on the Don’t forget to verify network and Internet connectiv- Windows 2000 server which will host the ISA ity. You might want to scan ahead to the exercises in Server. (The message screener option is required.) Chapter 3 and prepare more than one server in order Choose two correct answers. to be ready for those tasks. A. World Wide Web Estimated Time: 60 minutes B. SMTP 1. Install Windows 2000 Server or Advanced server C. Telephony and apply Service Pack 1 (or current service pack). D. Computer browser 2. Apply any recommended hotfixes. 2. The following steps should be taken prior to installing ISA Server. Choose two correct 3. Configure networking using recommendations answers. from this chapter. A. Install Windows 2000/ sp1. 4. Verify network connectivity. B. Join the Windows 2000 server to a Windows 5. Verify Internet name resolution. 2000 domain. C. Test network connectivity. Review Questions D. Configure the network cards via either DHCP or static IP addresses. 1. Why should you disable unnecessary services? 3. The ABCD Company is preparing a Windows 2. What will be the impact of disabling File Sharing 2000 computer for the installation of ISA Server on the external network card be? on its network. 3. Should RRAS be configured on the ISA Server Required Result: computer? The ISA Server computer will provide firewall 4. You can select RAID for the ISA Server. How and server hosting services. will you use them?
  4. 66 Par t I INSTALLATION AND UPGRADE A P P LY Y O U R K N O W L E D G E Optional Desired Results: Optional Desired Results: The ISA Server will be part of a centrally The ISA Server will be part of a centrally managed array of ISA Servers. managed array of ISA Servers. The ISA Server will provide Web caching The ISA Server will provide Web caching services. services. Proposed Solution: Proposed Solution: Service Pack 1 for Windows 2000 is applied to Service Pack 1 for Windows 2000 is applied to the Windows 2000 standalone server. The exter- the Windows 2000 standalone server. The server nal network card is configured with an Internet is joined to a Windows 2000 domain. The exter- addressable static IP address. Connectivity with nal network card is configured with an Internet the Internet and the internal network is tested. addressable static IP address. Connectivity with Hard drives are formatted with the FAT file sys- the Internet and the internal network is tested. tem. Recommend services are disabled or avail- Hard drives are formatted with the FAT file sys- able and working as prescribed. tem. Recommend services are disabled or avail- able and working as prescribed. Evaluation of Proposed Solution: Evaluation of Proposed Solution: Which results(s) does the proposed solution pro- duce? Which results(s) does the proposed solution produce? A. The proposed solution produces the required result but neither of the optional results. A. The proposed solution produces the required result but neither of the optional results. B. The proposed solution produces the required result and one of the optional results. B. The proposed solution produces the required result and one of the optional results. C. The proposed solution produces the required result and both of the optional results. C. The proposed solution produces the required result and both of the optional results. D. The proposed solution does not produce the required result. D. The proposed solution does not produce the required result. 4. The ABCD Company is preparing a Windows 2000 computer for the installation of ISA Server 5. The ABCD Company is preparing a Windows on its network. 2000 computer for the installation of ISA Server on its network. Required Result: Required Result: The ISA Server computer will provide firewall and server hosting services. The ISA Server computer will provide firewall and server hosting services.
  5. Chapter 2 PLAN BEFORE ACTING: PRE-INSTALLATION ACTIVITIES 67 A P P LY Y O U R K N O W L E D G E Optional Desired Results: C. Operating System on C, ISA on C., Cache on F, Logs on G. The ISA Server will be part of a centrally managed array of ISA Servers D. Operating System on D, ISA on C, Cache on E, Logs on G. The ISA Server will provide Web caching services. Proposed Solution: Disk 0 (C:) (D:) (E:) NTFS NTFS NTFS Service Pack 1 for Windows 2000 is applied to Disk 1 (F:) NTFS the Windows 2000 standalone server. The server Disk 2 (G:) is joined in a Windows 2000 domain. The exter- NTFS nal network card is configured with an Internet addressable static IP address. Connectivity with FIGURE 2.5 the Internet and the internal network is tested. Disk drive selection. Hard drives are formatted with the NTFS file system. Recommend services are disabled or available and working as prescribed. Answers to Review Questions Evaluation of Proposed Solution: 1. Removing unnecessary services improves effi- Which results(s) does the proposed solution ciency and reduces the possibility of successful produce? attack. Every additional service has its own vul- nerabilities. See the section, “Interoperation with A. The proposed solution produces the required and Requirements for Other Services.” result but neither of the optional results. 2. Disabling File Sharing on an external network B. The proposed solution produces the required card will prevent external connection to the file result and one of the optional results. system of the ISA server. If an external client can C. The proposed solution produces the required connect directly to the ISA Server file system, result and both of the optional results. there is a possibility that damage could be done to the server or the network it protects. See the D. The proposed solution does not produce the section “TCP/IP Network Card Configuration.” required result. 3. The RRAS service is compatible with ISA, in fact 6. Figure 2.5 represents the disk arrangement on ISA extends this service. However, the ISA Server computer A. Which of the following hard disk services should be used to create Virtual Private arrangements would be preferable for an ISA Networks, provide remote connectivity and Server computer? packet filtering features. Network address transla- A. Operating System on C, ISA on D, tion should be configured in ISA. The Internet Logs on E. B. Operating System on C, ISA on F, Cache on G, Logs on D.
  6. 68 Par t I INSTALLATION AND UPGRADE A P P LY Y O U R K N O W L E D G E Connection Sharing service should not be config- unless you require Active Directory integration. ured on the ISA Server. See the section, D is wrong. You should not configure the net- “Interoperation with and Requirements for Other work cards via DHCP. See the sections, Services.” “Windows 2000 Installation and Configuration” and “TCP/IP Network Card Configuration.” 4. Configure RAID level 1 (mirror) for the operat- ing system partition to provide redundancy. 3. A. Although the server may require additional Configure RAID level 5 (striping with parity) for steps to make it a more secure firewall, there is the logs to provide increased read performance. nothing in the initial configuration that will pre- See the section, “Hard Disk Requirements.” vent ISA Server from installing and being config- ured to provide firewall services. However, the 5. Special network cards are available which can two optional results cannot be met. First, because offload the IPSec encryption to their onboard the ISA server is not a member server in a processors. Card manufacturers test results show Windows 2000 domain, centralized management excellent throughput when these cards are used. of an array of ISA servers cannot be accom- IPSec/L2TP VPNs are more secure. See the sec- plished. Second, because the file system is FAT, tion, “Additional Hardware Requirements for Web caching services cannot be configured. See VPNs.” the sections, “Making Hardware Choices,” and “Windows 2000 Installation and Configuration.” Answers to Exam Questions 4. B. Now the computer is joined in a domain, Active Directory Schema modification and the 1. B, C. SMTP is necessary prior to the installation installation of ISA Server in an array can be of the message screener service. The firewall and accomplished. However, Web caching services Web proxy services are dependent on the cannot be provided until NTFS formatted disk Telephony service. A is incorrect. While you can space is available. See the sections, “Making install IIS on the ISA Server computer, it is not Hardware Choices,” and Windows 2000 necessary. D is incorrect. This service is not nec- Installation and Configuration.” essary. See the section, “Windows 2000 Installation and Configuration,” and 5. C. Now all requirements are met. See the sec- “Interoperation with and Requirement for Other tions, “Making Hardware Choices,” and Services.” Windows 2000 Installation and Configuration.” 2. A, C. Service Pack 1 is required. Network con- 6. C. Placing the operating system on a drive sepa- nectivity should be tested. B is wrong. Although rate from the cache or logs provides a greater you may want to join the Windows 2000 server chance of recovery. No other configuration here to a Windows 2000 domain, it is not necessary does that. See the section, “Hard Disks.”
  7. Chapter 2 PLAN BEFORE ACTING: PRE-INSTALLATION ACTIVITIES 69 A P P LY Y O U R K N O W L E D G E Suggested Readings and Resources 1. Information on licensing and pricing at 3. Lee, Thomas, Microsoft Windows 2000 TCP/IP http://www.microsoft.com/isaserver/pro- Protocols and Services Technical Services. ductinfo/pricing.htm. Microsoft Press, 2000. 2. Deployment of ISA Server at Microsoft: 4. Lieu, Cricket, et all, DNS and Bind. O’Reilly Planning, Deploying and Lessons Learned at & Associates, Third Edition, 1998, ISBN: http://www.microsoft.com/isaserver/tech- 1565925122. info/itgdeploy.htm.
  8. OBJECTIVES This chapter covers the following Microsoft-specified objectives for the Installing ISA Server section of the Installing, Configuring, and Administering Microsoft Internet Security and Acceleration (ISA) Server 2000 exam: Install ISA Server. Installation modes include integrated, firewall, and cache. . Construct and modify the Local Address Table (LAT). . Calculate the size of and configure the cache. There are two versions of ISA Server: . Standard. This version can only be installed on a standalone or member server. It cannot be part of an array. . Enterprise. The Enterprise edition can be part of an array and take advantage of the Active Directory to share policies. Each version can be installed in one of three modes: . Firewall. ISA Server will be a dedicated firewall. . Caching Server. ISA Server will be a caching server. Requests from the private network for access to public network services are filtered through ISA server’s rules and policies. Approved requests (unless they are SSL or HTTPS or otherwise configured will be cached on the ISA Server. Subsequent approved requests for this material are served from the ISA Server. Additional access to the Internet is not necessary. In caching mode, the ISA server can C H A P T E R 3 also be configured to forward requests from the public network to Web servers on the private net- work. The requested pages can be cached on ISA Server and served to the public network. Installing ISA Server
  9. OUTLINE OUTLINE . Integrated. In integrated mode, ISA Server is both Introduction 6 a firewall and a caching server. In addition to the preinstallation determinations, Installation Processes Common to Several you must understand how the ISA Server is to be Configurations 6 used, and configure two major parameters during installation. These parameters are the local LAT Constructing and Modifying the Local Address and the cache. When ISA Server is used as a Table (LAT) 7 caching server, the size of the cache will have LAT Problems 8 important implications for performance and opera- Configuring the LAT 9 tion. In the firewall mode, the LAT, or Local Address Table defines for ISA server which TCP/IP Configuring the Cache 9 addresses are considered to be on its local or private Cache Placement 11 network, and which subnets are considered to be Calculating Cache Size 12 on the public network. Improper LAT configura- Allocation of Memory for Caching 12 tion can prevent access to the private network from the local network. More importantly, it can be a Installing ISA Server 12 severe security liability allowing penetration of the private network from the public network. Installation Defaults 13 Standard Edition Generic Instructions 14 Troubleshoot problems that occur during setup. Enterprise Edition 17 Installing the ISA Server Schema in the . No installation process is without possibility for Active Directory 17 failure. While the ISA Server installation process is relatively smooth and easy, there are areas where Install ISA Server Enterprise Edition 20 possible problems can occur. Many of the problems Firewall/Integrated Mode: can be avoided if the installer is aware of the prob- Configuring the LAT 26 lem areas. Many of the installation failures can be Integrated/Caching Mode— corrected with the proper application of knowledge. Configuring the Cache 27 Unattended Setup 29 Installing Additional ISA Servers in an Array 32 Troubleshooting the Installation 35 Failed Installation 36 Can’t Install in Existing Array 36 Installation Fails to Complete—You Cannot Run the Uninstall Program 36 Was Installation Successful? 37 Verification Process 37 Event ID 14111 The ISA Server Cache Could Not Start 38
  10. OUTLINE S T U DY S T R AT E G I E S Event ID 14176, 14164, 14172 . Recognize that there are two important parts to The Disk Cache Failed to Initialize installing ISA server: and Is Disabled 38 • Placement of the server Event ID 14010, 14063 The Firewall • Choices made during installation Service Did not Start Due to Corrupt Data 38 . Install ISA multiple times. Before you decide A Generated LAT Is Not Correct 39 that, in your case, this is not necessary, con- You Are Unable to Access Internet sider the possible choices that must be made Resources 39 during installation. You have to choose whether Users Can Access Sites on to install in Caching mode, Firewall mode, or the Internet 39 both. You must make decisions about the Local Address Table and the cache. In addition, if this ISA Server is to participate in an array, you Uninstalling ISA Server 39 must select the appropriate hierarchical or lateral array. Chapter Summary 41 . During your installations, vary the options that you select. You will, of course, need multiple Exercises 43 systems for this exercise. If you have limited practice systems, a good approach is to make Review Questions 47 your systems dual boots of Windows 2000 and Exam Questions 48 install a different configuration of ISA Server on Answers to Review Questions 54 each boot so that you can return to them to Answers to Exam Questions 55 compare differences on future exercises. . Be especially sure to make two of your installa- tion exercises (one for caching and one for fire- wall) involve the Enterprise edition and install an array. If you leave these two servers installed at the finish of this chapter, you will be set to configure enterprise policies. The chapter review questions will test your knowledge of installation issues. . Understand which choices made during installa- tion will impact the configuration choices you can make after installation, as well as deter- mine if the server will meet the needs it was purchased to meet. . Realize a haphazard installation can leave the network more vulnerable to attack than before. (Additional risks can be added, the company thinks it is secure when it is not and thus does not follow previous good security practices.)
  11. 74 Par t I INSTALLATION AND UPGRADE INTRODUCTION If you understand the design principles behind determining where to place the server, this will lead to the proper preconfiguration of the server. The previous chapter presented various alternatives for fire- wall and caching server placement and the network configuration process that follows that choice. This chapter concentrates on the actual ISA Server installation steps. Because there are two versions of ISA Server, and three modes, six possible scenarios exist. You should know how all of them work. Although client issues are covered in another chapter, you should be aware that none of the six scenarios impact whether non-Microsoft clients can benefit from the introduction of an ISA Server. The ISA Server must be installed on a Windows 2000 Server, but clients of all operating system types can benefit from the firewall. INSTALLATION PROCESSES COMMON TO SEVERAL CONFIGURATIONS Install ISA Server. Installation modes include integrated, firewall, and cache. • Construct and modify the local address table (LAT). • Calculate the size of and the cache and configure it. • Install ISA Server as a member of an array. Although there are many ways that ISA Server can be installed, each installation has processes in common with the others. Table 3.1 lists these common installation processes that all, or some, installations may require.
  12. Chapter 3 INSTALLING ISA SERVICE 75 TABLE 3.1 W H I C H I N S TA L L AT I O N R E Q U I R E S W H AT ? Process Firewall Caching Integrated Configure the LAT Yes No Yes Configure the initial No Yes Yes cache Update Active Enterprise Enterprise Enterprise Director Schema version version version prior to installation Configure an Enterprise Enterprise Enterprise Enterprise Policy version version version Constructing and Modifying the Local Address Table (LAT) ISA Server firewall uses the Local Address Table (LAT) to determine IANA Private Address Ranges The three NOTE which addresses are in the internal or private network and which private address ranges identified by IANA are addresses are outside, in the public network. The LAT should con- specified in RFC 1918. (RFCs, or Requests for tain all IP address ranges that exist in the private network. It might Comments, are collaborative documents that also contain the private IP address ranges assigned by the Internet attempt to define rules and standards to be Assigned Numbers Authority (IANA) and detailed in RFC 1918. used on the Internet. For more information, or to look up RFC 1918, visit www.ietf.org.) This information is important information for these reasons: The private address ranges listed in this RFC á The firewall uses this list to determine which IP addresses are are never used on the public Internet. They within its private network, and which IP addresses are public, are and thus how to interpret its access rules. 10.0.0.0 to 10.255.255.255 (a single Class á The firewall client periodically downloads and always uses a A network) copy of the LAT to determine which address to forward to the 192.168.0.0 to 192.168.255.255 firewall, and which to request directly. (16 contiguous Class B networks) á SecureNAT clients do not have a copy of the LAT. Their 172.16.0.0 to 172.31.255.255 requests are forwarded to the ISA Server, which makes external (256 contiguous Class C networks. ) requests for them. If you install ISA Server in either firewall mode or integrated mode, you must configure the LAT.
  13. 76 Par t I INSTALLATION AND UPGRADE Addresses are added to the LAT in several ways: á ISA Server constructs the LAT based on the Windows 2000 routing table of the network card you identify during setup as being on the private network. á Adding the private address ranges from RFC 1918. á Manually adding the private address ranges from your network that are not present in the routing table. LAT Problems If the routing table is not constructed correctly, the LAT will be wrong. If the LAT is incorrect, requests for internal objects may be routed to the Internet and vice versa. This is annoying at the least, and can provide a security vulnerability. Configuring the LAT To configure the LAT, perform the steps outlined in Step by Step 3.1. STEP BY STEP 3.1 Configuring the LAT 1. During installation click the Configure the LAT button. After installation, right-click the Local Address Table object in the ISA Management console (Servers and Arrays\name\network configuration\Local Address Table). 2. To add IANA private address ranges, click the Add the Following Private Ranges check box. 3. To add addresses using the computers routing table, click the Add Address Ranges Based on the Selected Computer’s Windows 2000 Routing Table check box. 4. In Select Computer, click the desired computer. 5. Select the check boxes for the NIC whose address ranges are needed. Skip step 6. 6. To add entries click New, and then click LAT Entry. Add from and to addresses to specify a range.
  14. Chapter 3 INSTALLING ISA SERVICE 77 Configuring the Cache If the ISA Server is to be used as a caching server (Caching or Integrated mode), adequate disk space must be reserved to hold data acquired by the server and held for use by internal clients. Space may also be needed if the ISA Server is to be used for reverse proxy (caching of internal Web pages for the use of external clients). Three considerations are important: á Cache placement á Cache size á Allocation of memory to be used for caching Although there are general suggestions from Microsoft on calculat- ing cache size, the ISA Server documentation provides specific requirements as listed in Table 3.2 for forward caching. This infor- mation will help you plan ISA Server arrays by recognizing the appropriate requirements for computer hardware, RAM, and cache size. The best information will be information collected by monitor- ing your current configuration over time and applying this informa- tion to tune your ISA Servers. TABLE 3.2 FORWARD CACHING REQUIREMENTS Less than 500–2,000 More than 2,000 500 Users Users Users Computer Pentium II, Pentium III, Pentium III, 550 MHz configuration 300 MHz 550 MHz computer for each 2,000 users RAM 256MB 256MB 256MB for each com- puter (for each 2,000 users) Cache disk space 2–4GB 10GB 10GB for each computer (for each 2,000 users)
  15. 78 Par t I INSTALLATION AND UPGRADE Cache Placement The initial drive location for the cache and its minimum size are determined by the following: á Volume must be NTFS. á Drive must be a local, not a network drive. á A minimum of 5MB must be set aside for the cache or instal- lation will fail. á If a minimum of 150 free MB is available during installation, a minimum cache of 100MB will be suggested. á Best performance will be gained if the cache drive is different from the ISA Server installation drive. á Drives are selected during installation, but can be modified afterward. á Multiple drives can be configured to hold part of the cache. Convert to NTFS If you do not have a drive NOTE formatted with NTFS and need to do so but do not want to lose data already on the drive, Calculating Cache Size you can convert the drive from FAT to NTFS. A minimum of 5MB must be available for the cache, but what is the The command is best size to set aside for superior performance? The current recom- CONVERT volume /FS:NTFS mendation is to start with a minimum of 100MB and a minimum Volume represents the drive letter of the vol- of 0.5MB per Web proxy client, then round this up to the nearest ume you want to convert. The /V switch can MB. Of course, if more space is available that can also be allocated. be added at the end to provide verbose com- Thus, a user community of 1,005 using one ISA server configured ments on drive conversion. in caching mode would require a minimum of: 1,005 × 0.5MB + 100MB = 502.5MB + 100MB = 602.5MB = 603MB
  16. Chapter 3 INSTALLING ISA SERVICE 79 Allocation of Memory for Caching You can configure the amount of memory used for caching in the Advanced tab of the Cache Configuration Properties box. Allocation memory for caching is important because it affects the performance of the system. INSTALLING ISA SERVER Prior to installing a new product, it is helpful to view step-by-step instructions. The sections that follow detail installation defaults and list steps for installing ISA Server. The instructions are divided into three parts: á First, information on installation defaults and a general set of instructions, one that does not go into detail where there are diverging paths, is listed. á Next, individual instructions are listed for each of these options. á Finally, additional steps are provided for installation issues such as installing additional array members, uninstalling ISA Server, and unattended setup. Table 3.3 displays the important installation choices allowed by the various versions and modes of ISA Server. TABLE 3.3 ISA S E R V E R I N S TA L L AT I O N C H O I C E S Mode Standard Enterprise Caching Single server, Must have Active Directory in order no Active Directory to place servers in an array and utilize Enterprise Policies. Firewall Integrated
  17. 80 Par t I INSTALLATION AND UPGRADE Installation Defaults After installation the following settings are in place: á Access Control. A default site rule (Allow Rule) allows all clients access to all content on all sites at all times. However, there is no protocol rule so no traffic can pass through the server. á Alerts. The “All port scan attack,” “Dropped packets,” “Protocol violation,” and “UDP bomb attack” alerts are not active. All others are. á Caching (caching or integrated mode). Cache size is set to a size specified during setup. Active caching is disabled. HTTP and FTP caching are enabled. á Local Address Table (firewall or integrated mode). Consists of those entries made during installation. á Packet filtering. In Firewall mode and Integrated mode, this is enabled. In Caching mode, this is disabled. á Publishing. No publishing. Requests are discarded. á Policy (enterprise addition; arrays). Default policy installed. Enterprise policy sets the policy. Arrays do not restrict the policy. Standard Edition Generic Instructions The installation of a Standard edition ISA server is reasonably straightforward (see Step by Step 3.2). Two areas of configuration might be necessary: cache size (Integrated and Caching modes) and LAT (Integrated and Firewall modes). Detailed information on these modes is provided in the Enterprise edition installation instructions later in this chapter.
  18. Chapter 3 INSTALLING ISA SERVICE 81 STEP BY STEP 3.2 Standard Edition Generic Setup 1. If you have not updated your installation to Windows 2000 Service Pack 1 (or current service pack and/or appropriate hotfixes), do so before continuing. 2. Insert the Standard Edition CD-ROM. 3. From the Autostart menu that appears, select Install. 4. From the Welcome screen, click Continue. 5. At the Enter Product Key screen, enter the product key. 6. Read the EULA and select I Agree if you agree to the EULA, I Decline if you do not accept the terms and con- ditions outlined there. (If you select I Decline the installa- tion the process stops.) 7. Select the type of installation (Table 3.4 defines the instal- lation options). • Typical • Full • Custom TABLE 3.4 I N S TA L L AT I O N C H O I C E T A B L E 1 Typical Full Custom (defaults) (Figure 3.2 displays the choices.) ISA Yes Yes Yes, by default, but your choice FIGURE 3.1 Add-ins No Yes Yes, by default, but your Installation choices. choice H.323 Your choice Add-ins No Yes, if SMTP Your choice service installed Message Screening No prior to installing ISA Administration Yes Yes, by default, but your choice Tools continues
  19. 82 Par t I INSTALLATION AND UPGRADE continued 8. If Custom was selected, select the choices required. 9. From the Setup Window select Firewall Mode, Cache Mode, or Integrated Mode and proceed to the section later in this chapter on the specific mode. Figure 3.3 displays the choices. 10. Services are stopped. 11. If Integrated or Cache Mode was chosen, select the NTFS drive for the cache and configure the cache size. 12. If Integrated or Firewall Mode was chosen, set up the FIGURE 3.2 LAT. Custom choices. 13. Files are added, services are stopped, and then restarted. 14. Clear the option to start the Getting Started Wizard. Enterprise Edition Installing the Enterprise installation consists of two parts: á ISA Server Enterprise Initialization á Installing the ISA Server In order to install the Enterprise edition and incorporate the ISA server in arrays, the ISA Server classes and attributes must be added to the Active Directory. A separate process, the ISA Server Enterprise Initialization, is used for this. After successful completion of this schema modification, the ISA FIGURE 3.3 installation process can be started. ISA Server mode setup screen.
Đồng bộ tài khoản