
VIETNAM NATIONAL UNIVERSITY, HO CHI MINH CITY
UNIVERSITY OF INFORMATION TECHNOLOGY
FACULTY OF COMPUTER NETWORKS AND COMMUNICATIONS
-----------------o0o-----------------

PROJECT REPORT: ISA SERVER
(Internet Security and Acceleration Server)

COURSE: NETWORK SYSTEM ADMINISTRATION

Supervising lecturers: Mr. V Tr Dng, Mr. Nguyn Duy
Student group: L Tun Anh 08520011, L Hong Chnh 08520036, V Trng c 08520088, Lm Vn T 08520610

Ho Chi Minh City, 02/12/2011


TABLE OF CONTENTS:

I/ Introduction
  1.1/ Overview of network system management
  1.2/ Purpose of the report
II/ ISA server
  2.1/ Introduction
  2.2/ Functions of the software
  2.3/ Installing ISA Server 2006
    Step 1: Promote ISA2 to DC (isa.local), ISA1 joins the domain
    Step 2: Install ISA 2006 on ISA1
    Step 3: Install SP1 for ISA Server
    Step 4: Create a rule to test connectivity
    Step 5: Configure Automatic Discovery
    Step 6: Configure Remote Management
    Some practical applications:
      1. Create a rule allowing DNS Query traffic for name resolution
      2. Create a rule allowing users in the Nhan Vien (staff) group to view vnexpress.net during working hours
      3. Create a rule allowing users in the Sep (boss) group unrestricted Internet use
      4. Create a rule allowing unrestricted Internet use during break time
      5. Allow viewing text only
      6. Block www.kenh14.vn and redirect to vnexpress.net
      7. Block Yahoo chat
      8. Block downloading files with the exe extension
      9. Monitoring
      10. Caching
    Deploying the VPN TO GATEWAY model:
      1. Create domain user u1/123, Properties Allow access
      2. Define the pool of IP addresses to assign
      3. Enable VPN client access and set the maximum number of simultaneous VPN connections
      4. Define the VPN client group
      5. Create a rule allowing VPN connections
      6. Test
  2.4/ Evaluation of ISA Server 2006
    2.4.1/ Weaknesses of ISA Server compared with Forefront TMG
    2.4.2/ Advantages of ISA Server 2006 over ISA Server 2004
  2.5/ Advice for ISA Server administrators
III/ Conclusion

I/ Introduction:

1.1/ Overview of network system management:

The development and convergence of networks in recent years has strongly affected every aspect of networking, even the fundamental concepts and approaches. Network management is also one of the fields undergoing strong change and refinement, driven both by the standardization efforts of the major standards organizations around the world and by the demands of service users. At the same time, network operators, equipment vendors and users usually apply different methods and strategies for managing their networks and equipment. Each equipment vendor usually offers its own network management solution for its products. In the current context of network convergence, the number of devices and services is very diverse and complex, which creates great challenges for network management.

The task of network management is very clear in general principle, but specific management problems are highly complex. This comes from the diversity of equipment systems and the management characteristics of each type of device, and beyond that from the need for the management strategy to fit the network architecture and meet users' requirements. A range of typical devices that need to be managed includes: personal computers, workstations, servers, minicomputers, mainframes, terminals, test and measurement equipment, telephones, private branch exchanges, television equipment, cameras, modems, multiplexers, protocol converters, CSU/DSU, statistical multiplexers, packet assemblers and disassemblers, ISDN-compatible equipment, NIC cards, signal encoders and decoders, data compression devices, gateways, front-end processors, trunk lines, DSC/DAC, repeaters, signal regenerators, switching equipment, bridges, routers and switches. All of these are only part of the list of devices that have to be managed.

The full management picture must include managing network resources as well as service resources, users, system applications and the various databases in all kinds of application environments. Technically, all of this information is collected, exchanged and combined with network management activity in the form of management data, using techniques similar to those used in data communication networks. The fundamental difference between data communication and the exchange of management information, however, is that exchanging management information requires specialized data fields, communication protocols and information models, and specialized skills to design and operate the management system and to interpret management information about fault reports, system status, configuration and security.

Purpose and scope of this report:

The report focuses on a network management tool (here, ISA Server) that helps administrators manage the network securely.

1.2/ Purpose of the report:

ISA Server is Microsoft's Internet-sharing software. It is one of the popular firewall products on the market today thanks to its strong system protection and flexible management. The content of this report is limited to configuring an ISA SERVER system into a strong firewall that still meets the requirements for using remote services, serving both internal clients accessing external services (Internet) and external clients (Internet clients) that need to access services inside the organization's network. Firewalls have traditionally been among the most complex network devices to configure, and keeping them running to protect the network also poses many challenges for security admins. Basic knowledge of TCP/IP and network services is needed to understand how a firewall works. However, it is not necessary to become a network infrastructure expert to use ISA SERVER as a network firewall. The report covers the following:

- Helping you understand the features available in ISA Server
- Providing specific advice when using the documentation to configure ISA Server
- Describing a deployment (ISA SERVER) in hands-on detail

The purpose of the project is to show how to install and configure ISA Server and how to use it, helping network administrators grasp and understand how to deploy a secure network.

II/ ISA server:

2.1/ Introduction:

Microsoft Internet Security and Acceleration Server (ISA Server) is Internet-sharing software from the well-known software company Microsoft. It can be described as Internet-sharing software that is quite effective, stable and easy to configure, with a good firewall and many features that let you configure it to suit your LAN. ISA Server is an important part of an organization's overall network security plan.

ISA Server is usually installed at the network perimeter and is used to block unauthorized access to an internal network, as well as to restrict what access is allowed from the internal network to the Internet.

2.2/ Functions of the software:

ISA Server provides firewall features such as:

- Packet filtering
- Stateful filtering
- Application-layer filtering

ISA Server enables secure access to the Internet by ensuring that clients can reach only the resources they need on the Internet, and by ensuring that connections and data transfers to and from the Internet are secure.

ISA Server enables secure access from the Internet to local network resources through Web publishing rules, secure Web publishing rules and server publishing rules. These publishing rules restrict who can access the local network and what can be seen once the local network is accessed.

ISA Server can enable secure access to e-mail servers by blocking attacks on the server and filtering incoming spam and attachments. ISA Server also lets clients connect securely to Exchange Server using a range of client protocols.

ISA Server can enable secure connections to local network resources through VPN connections enabled for remote clients and sites.

2.3/ Installing ISA Server Standard:

Deployment model:

Machine   Setting   Internet card      Cross card
ISA1      IP        192.168.1.11/24    172.16.1.1/24
          GW        192.168.1.2        Null
          DNS       null               172.16.1.2
ISA2      IP        disable            172.16.1.2/24
          GW                           172.16.1.1
          DNS                          172.16.1.2

Step 1: Promote ISA2 to DC (isa.local); ISA1 joins the domain.

Step 2: Install ISA 2006 on ISA1

Run the autorun file from the installation media.

Choose Install ISA Server 2006

Answer the license and serial number prompts.

Setup type: choose Typical

Internal Network dialog -> Add -> enter the internal IP range -> OK -> Next

Accept the default values -> Finish

Step 3: Install SP1 for ISA Server

Restart the machine

Step 4: Create a rule to test connectivity

Open ISA Management and select as shown in the figure

Name the rule Internet

Action: choose Allow

Protocol: choose All outbound Traffic -> Next

Access Rule Source -> Add -> choose Internal & Localhost

Access Rule Destinations -> Add -> External

User Set -> All Users -> Next

Finish -> Apply

Test Internet access (from ISA2):

Step 5: Configure Automatic Discovery

+ On ISA1: ISA Server Management -> Configuration -> Network -> Properties Internal -> Publish automatic discovery information

+ On ISA2:

1. Install DHCP: Control Panel > Add or Remove Programs > choose Add/Remove Windows Component > Networking Services > choose Details

Choose Dynamic Host Configuration Protocol (DHCP) > OK > Next

Start > Program > Administrative tools > DHCP

Right-click isa2.isa.local > choose Authorize

Right-click isa2.isa.local > choose New scope >

Welcome screen > Next > Scope name: name the scope ISA Scope > Next

Enter the IP range to be handed out to the LAN

(Do not include 172.16.1.3 to 172.16.1.9, which are reserved in case more servers are added to the system, and do not hand out 172.16.1.1 and 172.16.1.2.) Add Exclusions (used when you do not want to hand out a particular IP in the scope's range) is left at the default here because no IP in this range is excluded.

Lease Duration screen (how long an IP is used) > choose Next

Configure DHCP Options screen: choose Yes, I want to configure these option now > choose Next

Router (default gateway) screen:

In Parent Domain: isa.local. Server name: isa.local > choose Resolve. When IP address shows the correct server IP > choose Add

WINS screen > enter server name: isa.local > choose Resolve > when IP address shows the correct server IP > choose Add > Next

Activate screen > choose Yes, I want to activate this scope now > Next > Finish

2. DHCP > Set Predefined options

Choose Add to declare a new option

Option Name: 252 WPAD. Enter Value: http://isa1.isa.local:80/WPAD.DAT

Open DNS Manager > declare an alias WPAD pointing to the name of the ISA machine

Step 6: Configure Remote Management

On ISA1: open ISA Server Management > Firewall Policy > Toolbox > Network Objects > Computer Sets > Remote Management Computer > double-click

Add > Computer > enter the name and address of the chosen machine (172.16.1.2) > OK -> return to the main window > Apply

On ISA2: run AutoRun from the ISA 2006 software media. Choose the default configuration. The installer selects ISA Management automatically; accept the default settings to complete the installation.

Run ISA Management, right-click ISA Management > Connect to. Enter the machine name

You can now perform operations on ISA 2006 as if working at that machine

SOME PRACTICAL APPLICATIONS

1. Create a rule allowing DNS Query traffic for name resolution:

ISA Management > Firewall Policy > New > Access Rule

Type DNS Query in Access Rule Name > Next

Action: choose Allow > Next

In This Rule Apply to: choose Selected Protocols. Add > Common Protocol > DNS > OK > Next

In Access Rule Source > Add > Networks > Internal > Add > Close > Next

In Access Rule Destination > Add > Networks > External > Close > Next

In User Sets keep the default value All Users > Next > Finish

Apply > OK

Test on ISA2: use the NSLOOKUP command to resolve any domain name

2. Create a rule allowing users in the Nhan Vien (staff) group to view vnexpress.net during working hours

a - Define the NhanVien group
b - Define a URL Set containing vnexpress.net
c - Define working hours
d - Create the rule
e - Test

a - Define the NhanVien group

Use Active Directory User and Computer to create 2 users nv1, nv2 (password 123). Create the group NhanVien. Add the 2 users nv1, nv2 to the group NhanVien.

ISA Server Management > Firewall Policy > Toolbox > Users > New

Enter Nhan Vien as the User set name > Next

Add > Windows User and Group

Choose the group Nhan Vien > Next > Finish

b - Define a URL Set containing vnexpress.net

+ ISA Server Management > Firewall Policy > Toolbox > Network Objects > New > URL Set

In the name field enter vnexpress > New, and declare 2 lines http://vnexpress.net http://*.vnexpress.net > OK

c - Define working hours

ISA Server Management > Firewall Policy > Toolbox > Schedule > New
Name: Gio Lam Viec
Set Active from 8am -> 12pm & 2pm -> 6pm > OK

d - Create an access rule with the following parameters:

Rule Name: Nhan Vien Gio lam viec
Action: Allow
Protocols: HTTP + HTTPS
Source: Internal
Destination: URL Set > vnexpress
User: NhanVien
(The steps are the same as in part 1)

Right-click the rule just created > Properties. Choose Schedule > Gio lam viec > OK > Apply Rule

Test: disable the rule Internet:

Log on as nv1 and check the machine's clock: during working hours, try opening vnexpress, then try opening google. Log on as another user (not nv1 or nv2), try opening vnexpress, then try opening google. (See the demo clip Nhan Vien - Gio lam viec.avi)

3 - Create a rule allowing users in the Sep (boss) group unrestricted Internet use

a - Define the Sep group
b - Create the rule
c - Test

a - Define the Sep group:

Use Active Directory User and Computer to create 2 users s1, s2 (password 123). Create the group Sep. Add the 2 users s1, s2 to the group Sep. The remaining steps are the same as in part 2a (defining the NhanVien group).

b - Create the rule

Create an access rule with the following parameters:

Rule Name: Sep
Action: Allow
Protocols: All Outbound Traffic
Source: Internal
Destination: External
User: Sep
The steps are the same as in part 1

c - Test

Log on as s1 and try accessing the Internet. (See the demo clip ket qua Sep.avi)

4 - Create a rule allowing unrestricted Internet use during break time

a - Define break time
b - Create the rule
c - Test

a - Define break time: same as 2c

b - Create the rule:

Create an access rule with the following parameters:

Rule Name: Giai Lao
Action: Allow
Protocols: All Outbound Traffic
Source: Internal
Destination: External
User: All Users
The steps are the same as in part 1

After creating the rule, open the properties of the rule just created > Schedule > Gio giai lao

c - Test:

Log on as nv1, change the clock on the ISA machine so that it falls within break time, and access the Internet. (See the demo clip Giai lao.avi)

5 - Allow viewing text only:

Open Properties of the rule Giai Lao > Content Types > Selected Content Types:
- Documents
- HTML Documents
- Text

See the demo clip: Chi duoc xem chu.avi

6 - Block www.kenh14.vn and redirect to vnexpress.net:

a - Define the websites to block
b - Create the rule
c - Test

a - Define the websites to block:

Create a URL Set as in part 2b, name it Nhung trang web cam, and declare in the URL Set:

http://*.kenh14.vn
http://kenh14.vn

b - Create the rule:

Create an access rule with the following parameters:

Rule Name: Web bi cam
Action: Deny
Protocols: All Outbound Traffic
Source: Internal
Destination: URL Set > Nhung trang web cam
User: All Users
The steps are the same as in part 1

After creating the rule, right-click it and choose Move Up until its order value is 1

Redirect to vnexpress.net: right-click the rule Web bi cam > Properties > Action > check Redirect Http request to this Web page > enter http://vnexpress.net > OK > Apply > OK
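
The deny rule has to be moved to order 1 because ISA Server checks the firewall policy from the top and applies the first rule that matches. The Python model below is an added example, not part of the original report and not ISA code; it reproduces the rules from sections 1 to 6 in simplified form, and the 12:00-14:00 break schedule and the starting order of the rules are assumptions.

```python
from dataclasses import dataclass
from fnmatch import fnmatch
from typing import Optional

# Objects from the report, modelled as plain data (constructed for this example).
GROUPS = {"NhanVien": {"nv1", "nv2"}, "Sep": {"s1", "s2"}}
URL_SETS = {
    "vnexpress": ["vnexpress.net", "*.vnexpress.net"],
    "Nhung trang web cam": ["kenh14.vn", "*.kenh14.vn"],
}
SCHEDULES = {
    "Gio lam viec": [(8, 12), (14, 18)],  # 8am-12pm and 2pm-6pm, as in the report
    "Gio giai lao": [(12, 14)],           # assumption: the report gives no hours
}


@dataclass
class Rule:
    name: str
    action: str                       # "Allow" or "Deny"
    protocols: Optional[set] = None   # None = All Outbound Traffic
    url_set: Optional[str] = None     # None = External (any destination)
    user_set: Optional[str] = None    # None = All Users
    schedule: Optional[str] = None    # None = Always
    enabled: bool = True


def rule_matches(rule, user, protocol, host, hour):
    """True when every condition of the rule fits the request."""
    if not rule.enabled:
        return False
    if rule.protocols is not None and protocol not in rule.protocols:
        return False
    if rule.url_set is not None and not any(
        fnmatch(host.lower(), pattern) for pattern in URL_SETS[rule.url_set]
    ):
        return False
    if rule.user_set is not None and user not in GROUPS[rule.user_set]:
        return False
    if rule.schedule is not None and not any(
        start <= hour < end for start, end in SCHEDULES[rule.schedule]
    ):
        return False
    return True


def evaluate(policy, user, protocol, host, hour):
    """Walk the rules in order; the first matching rule decides."""
    for rule in policy:
        if rule_matches(rule, user, protocol, host, hour):
            return rule.action, rule.name
    return "Deny", "Default rule"     # nothing matched: traffic is dropped


WEB_BI_CAM = Rule("Web bi cam", "Deny", url_set="Nhung trang web cam")
OTHER_RULES = [
    Rule("Giai Lao", "Allow", schedule="Gio giai lao"),
    Rule("Sep", "Allow", user_set="Sep"),
    Rule("Nhan Vien Gio lam viec", "Allow", protocols={"HTTP", "HTTPS"},
         url_set="vnexpress", user_set="NhanVien", schedule="Gio lam viec"),
    Rule("DNS Query", "Allow", protocols={"DNS"}),
    Rule("Internet", "Allow", enabled=False),  # disabled for the test in section 2
]

DENY_LAST = OTHER_RULES + [WEB_BI_CAM]    # deny rule left at the bottom
DENY_FIRST = [WEB_BI_CAM] + OTHER_RULES   # after Move Up to order 1

if __name__ == "__main__":
    for label, policy in (("deny last", DENY_LAST), ("deny first", DENY_FIRST)):
        print(label, evaluate(policy, "s1", "HTTP", "www.kenh14.vn", 9))
    print(evaluate(DENY_FIRST, "nv1", "HTTP", "vnexpress.net", 9))
    print(evaluate(DENY_FIRST, "nv1", "HTTP", "google.com", 9))
    print(evaluate(DENY_FIRST, "nv1", "HTTP", "google.com", 13))
```

With the deny rule at the bottom, s1 reaches kenh14.vn through the Sep rule and every user reaches it during the break through Giai Lao; at order 1 the deny rule is hit first for everyone.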

See the demo clip Cam kenh14vn.avi

7 - Block Yahoo chat

1. Open the port that lets Yahoo run in the system
2. Block Yahoo sign-in

1. Open the port that lets Yahoo run in the system

By default Yahoo cannot sign in; for Yahoo to work, an access rule has to be set up:

Rule Name: Mo port yahoo
Action: Allow
Protocols: Yahoo port

When choosing the protocol > Add > New

Name it Yahoo port

Choose New > enter ports 5000 -> 5050

Choose No

Next > Finish

Source: Internal
Destination: External
User: All Users
The steps are the same as in part 1

Test signing in to Yahoo during working hours (before blocking): SigninYahoo.avi

2. Block chat:

Use ADUC to create the group KeToan. Define the KeToan user set. Create the rule KeToan, allowing unrestricted Internet use. Proceed as in the parts above.

Block the KeToan group from chatting: right-click the rule KeToan > Configure HTTP. Signatures tab > Add

Enter the values as shown in the figure

OK > Apply > OK

See the demo clip Deny yahoo.avi

8 - Block downloading files with the exe extension

Right-click the rule Sep > Configure HTTP

Extension > Block specified extensions (allow all others) > Add. Enter Extension: .exe > OK

Apply > OK

Do the same for the rules Giai Lao & Nhan Vien Gio Lam Viec

See the demo clip Cam down file duoi exe.avi

9 - Monitoring:

Monitor the traffic flowing in and out of the network and compile report information

1) Enable authentication

B1: Networks > Internal > Properties
B2: Web proxy > Authentication
B3: Require all users to Authenticate > OK > Apply

+ View sessions

Clients go out via Web proxy or SecureNAT. The Client Username column shows who made the request.

+ View more detail with the Logging tab:

B1: Monitoring > Logging tab > Start Query

You can see which protocol the traffic is using, whether it succeeded or failed, and which protocol allowed it

The URL shows what was accessed:

Create a statistics report:

B1: Monitoring > Reports tab > Create And Configure Report Jobs
B2: Report Job Properties > Add

On the Welcome screen type Test Job

Report Content > Next

Report Job schedule > Next (choose the report schedule)

Report Publishing > Next

Send E-mail Notification > Next > Finish > Apply

B3: Check that the Status column shows Completed
B4: Right-click > View > see the results

10 - Caching

Content: download a frequently visited website and store it in the cache so that users can access it faster

1. Create a cache rule

B1 - ISA Server Management > Configuration > Disable the Microsoft Update Cache Rule
B2 - Cache Drives > Properties
B3 - Maximum cache size (MB): 1000 > Set > OK

2. Create a Content Download Job

B1 - Configuration > Cache > New > Content Download Job > Yes
B2 - Download Job Name: www.tuoitre.vn

Choose the day to cache

Choose the time caching starts

Content Download > http://www.tuoitre.vn

Content Caching > defaults > Next > Finish. Right-click the rule just created > Start

Deploying the VPN TO GATEWAY model

1. Create domain user u1/123, Properties Allow access

2. Define the pool of IP addresses to assign

ISA Management > Virtual Private Network > VPN Client > Taskpane > Task > Define Address Assignments

Static address pool > Add

Starting address: 10.10.10.1
Ending address: 10.10.10.200 (more than the Maximum number of VPN client allowed in step 3)

3. Enable VPN client access and set the maximum number of simultaneous VPN connections

B1: Choose Configure VPN client Access
B2: General tab > Enable VPN client access > 100 (Maximum number of VPN client allowed)

4. Define the VPN client group

B1: ISA Server Management > Firewall Policy > Toolbox > Users > New > enter VPN Client
B2: Add > Windows user and group > choose u1

5. Create a rule allowing VPN connections

Rule Name: VPN
Action: Allow
Protocols: All Outbound Traffic
Source: VPN Client
Destination: Internal
User: VPN Clients
Apply > OK

6. Test: a third machine is connected to ISA1 through the Internet card

B1: Start > Setting > Network Connection

New Connection Wizard > Next > Connect to the network at my workplace > Virtual Private Network connection > enter VPN Clients > IP of ISA1's Internet card > Next > Finish

B2: u1/123 > Connect > success

B3: Start > \\172.16.1.2 > success

2.4/ Evaluation of ISA Server 2006:

2.4.1/ Weaknesses of ISA Server compared with Forefront TMG

ISA Server 2006 does not support running on 64-bit Windows Server 2008 and does not filter URLs. Forefront TMG has all the features of ISA Server 2006 and adds others:

Forefront TMG is the update of ISA 2006. TMG was created to support Microsoft's later 64-bit releases, for example the current 64-bit Windows 2008, 64-bit Exchange, SharePoint.... TMG supports 64-bit only, and in addition it is more stable (it runs on 64-bit, after all). Forefront TMG is therefore the next generation of ISA 2006, with one main added feature: Web and email anti-malware and virus protection. This includes:

- Runs only on Windows Server 2008 R2 64-bit, EBS edition
- Support for the next generation of TCP/IP (IPv6)
- Web antivirus and web malware protection
- Easy management, a friendly user interface, fast reporting
- URL filtering
- HTTPS inspection: when a client requests a certificate from a server, Forefront TMG sits in the middle and requests the certificate on the user's behalf, and at the same time generates a certificate for the user
- Email antivirus and anti-spam
- Network intrusion prevention
- TFTP filter
- Network functionality enhancement

2.4.2/ Advantages of ISA Server 2006 over ISA Server 2004:

In terms of interface, ISA 2006 is up to 90% the same as ISA 2004. However, it has new, stronger features where ISA 2004 was still limited, such as:

- Improved support for OWA, OMA, ActiveSync and RPC/HTTP publishing
- Support for SharePoint Portal Server
- Support for binding multiple certificates to one Web listener
- Support for LDAP authentication in Web publishing rules

The standout features of the 2006 version compared with 2004 are publishing and VPN.

Publishing services

- ISA 2006 can generate its own forms when users access the OWA page, thereby supporting form-based authentication to keep illegitimate users out of the OWA site. This feature is developed as an add-in.
- Allows publishing Terminal Server using RDP over SSL, ensuring that the data in the session is encrypted across the Internet (including the password).
- Blocks non-encrypted MAPI connections to Exchange Server, letting users' Outlook connect securely to Exchange Server.
- Many wizards that let the administrator publish internal servers to the Internet securely.
- Supports new products such as Exchange 2007.

VPN connectivity

- Provides a wizard for automatically configuring a site-to-site VPN between 2 separate offices. Of course, anyone who prefers to configure each site by hand can do so.
- Full integration of Quarantine, stateful filtering and inspection (already familiar), full checking of conditions on the VPN connection, site-to-site, SecureNAT for VPN clients, ...
- Allows publishing another VPN server in the intranet out to the Internet (now that is impressive), and supports PPTP, L2TP/IPSec and IPSec tunnel site-to-site (with other VPN products; we have not tried this one yet).

Management

- Easy to manage
- Many wizards
- Simple backup and restore
- Allows delegating administration to users/groups
- Excellent logging and reporting
- Configure in one place, run everywhere (with ISA Enterprise installed)
- Adding servers to an array is easy
- Integrates with Microsoft's management solution: MOM
- SDK: anyone who likes programming solutions that integrate with ISA 2006 will enjoy this kit
- Hardware solutions are available

Other features

- Support for multiple CPUs and more RAM
- Maximum of 32 nodes for Network Load Balancing
- Support for multiple networks, with no need to count them; this beats other products
- Route/NAT per network
- A wide variety of firewall rules
- IDS (acceptable)
- Flood resiliency
- HTTP compression
- Diffserv

2.5/ Advice for ISA Server administrators

As an ISA Server administrator, you are responsible for carrying out the ISA Server deployment, from design through configuration and management. The ISA Server Management Console is used to manage and monitor most ISA Server activity. It includes many features that can simplify management. As part of the ISA Server administrator role, you should monitor the server continuously. ISA Server provides several features that let you collect real-time information about the server's performance and security, and also let you collect and analyze long-term usage trends.

III/ Conclusion:

The report focuses on configuring an ISA SERVER system into a strong firewall that still meets the requirements for using remote services, serving both internal clients accessing external services (Internet) and external clients (Internet clients) that need to access services inside the organization's network. The report covers the following:

- Helping you understand the features of ISA Server
- Providing specific advice when using the documentation to configure ISA Server
- Describing a deployment (ISA SERVER) in hands-on detail

The above is only the group's preliminary study of ISA Server, and the information is of a general nature. ISA Server is a difficult and broad field, but it has many interesting aspects worth studying in depth.
