ISA report
VIETNAM NATIONAL UNIVERSITY HO CHI MINH CITY
UNIVERSITY OF INFORMATION TECHNOLOGY
FACULTY OF COMPUTER NETWORKS AND COMMUNICATIONS
-----------------o0o-----------------
PROJECT REPORT: ISA SERVER (Internet Security and Acceleration Server)
COURSE: NETWORK SYSTEM ADMINISTRATION
Instructors: Mr. V Tr Dng, Mr. Nguyn Duy
Student group: L Tun Anh 08520011, L Hong Chnh 08520036, V Trng c 08520088, Lm Vn T 08520610
Ho Chi Minh City, 02/12/2011
TABLE OF CONTENTS:
I/ Introduction:
  1.1/ Overview of network system management
  1.2/ Purpose of the report
II/ ISA server:
  2.1/ Introduction
  2.2/ Functions of the software
  2.3/ Installing ISA Server 2006
    Step 1: Promote ISA2 to DC ( isa.local ), join ISA1 to the domain
    Step 2: Install ISA 2006 on ISA1
    Step 3: Install SP1 for ISA Server
    Step 4: Create a rule to test connectivity
    Step 5: Configure Automatic Discovery
    Step 6: Configure Remote Management
  Some practical applications:
    1. Create a rule allowing DNS Query traffic for domain name resolution
    2. Create a rule allowing users in the Nhan Vien (staff) group to view vnexpress.net during working hours
    3. Create a rule allowing users in the Sep (managers) group unrestricted Internet use
    4. Create a rule allowing unrestricted Internet use during break hours
    5. Allow viewing text only
    6. Block www.kenh14.vn and redirect to vnexpress.net
    7. Block Yahoo chat
    8. Block downloads of files with the exe extension
    9. Monitoring
    10. Caching
  Deploying the VPN TO GATEWAY model
    1. Create domain user u1/123, Properties Allow access
    2. Define the pool of IP addresses to assign
    3. Enable VPN client access and set the maximum number of simultaneous VPN connections
    4. Define the VPN client group
    5. Create a rule allowing VPN connections
    6. Testing
  2.4/ Evaluation of ISA server 2006:
    2.4.1/ Weaknesses of ISA server compared with Forefront TMG
    2.4.2/ Advantages of ISA server 2006 over ISA server 2004
  2.5/ Advice for ISA server administrators
III/ Conclusion
IV/ References
I/ Introduction:

1.1/ Overview of network system management:

The development and convergence of networks in recent years has strongly affected every aspect of networking, even the fundamental understanding of it and the approaches taken. Network management is also one of the fields undergoing strong change and refinement, both through the standardization efforts of the major standards bodies worldwide and through the demands of service users. On the other hand, network operators, equipment vendors and users often apply different strategies to managing their networks and equipment. Each equipment vendor usually offers its own network management solution for its products. In the current context of network convergence, the number of devices and services is very diverse and complex, which creates major challenges for network management.

The task of network management is very clear in general principle, but specific management problems can be highly complex. This stems from the diversity of equipment systems and the management characteristics of each type of device and, beyond that, from the need for a management strategy that fits the network architecture and meets user requirements. Typical devices that need to be managed include: personal computers, workstations, servers, minicomputers, mainframes, terminals, test equipment, telephones, private branch exchanges, television equipment, cameras, modems, multiplexers, protocol converters, CSU/DSUs, statistical multiplexers, packet assemblers/disassemblers, ISDN-compatible devices, NIC cards, signal encoders and decoders, data compression devices, gateways, front-end processors, trunk lines, DSC/DAC, repeaters, signal regenerators, switching devices, bridges, routers and switches. All of these are only part of the list of devices that will have to be managed.

The full management picture must include management of network resources as well as service resources, users, system applications and the various databases in each kind of application environment. Technically, all of this information is collected, exchanged and combined with network management activity in the form of management data, using techniques similar to those used in data communication networks. However, the fundamental difference between data communication and the exchange of management information is that exchanging management information requires specialized data fields, specialized communication protocols and information models, and specialized skills to design and operate the management system and to interpret management information about error reporting, system status, configuration and security.

Purpose and scope of the article:

The article focuses on a network management tool (here, ISA server) and on helping administrators manage the network securely.

1.2/ Purpose of the report:

ISA Server is Microsoft's Internet sharing software. It is one of the popular firewall products on the market today thanks to its strong system protection and flexible management. This report is limited to configuring an ISA SERVER system as a strong firewall that still meets the requirements for using remote services, serving both internal clients accessing external services (the Internet) and external clients (Internet Clients) that need to access services inside the organization's network. Firewalls have traditionally been among the most complex network devices to configure, and keeping one operating to protect the network also poses many challenges for security admins. Basic knowledge of TCP/IP and network services is needed to understand how a firewall works. However, it is not necessary to become an expert in network infrastructure to use ISA SERVER as a network firewall.

The report covers the following:
- Helping you understand the features available in ISA Server
- Giving specific advice on using the documentation to configure ISA Server
- Describing a hands-on deployment (ISA SERVER) in detail

The purpose of the project is to give guidance on installing and configuring ISA server and on using the ISA server tools, helping network administrators grasp and understand how to deploy a secure network system.

II/ ISA server:

2.1/ Introduction:

Microsoft Internet Security and Acceleration Server (ISA Server) is Internet sharing software from the well-known software company Microsoft. It can be described as fairly effective and stable Internet sharing software that is easy to configure, has a good firewall, and offers many features that let you configure it to suit your LAN. ISA Server is an important part of an overall plan for securing an organization's network.

ISA Server is usually installed at the network perimeter and is used to block unauthorized access to an internal network, as well as to restrict the access allowed from the internal network to the Internet.

2.2/ Functions of the software:

ISA Server provides firewall features such as:
- Packet filtering
- Stateful filtering
- Application-layer filtering

ISA Server enables secure access to the Internet by ensuring that clients can access only the resources they need on the Internet, and by ensuring that connections and data transfers both to and from the Internet are secure.

ISA Server enables secure access from the Internet to local network resources through Web publishing rules, secure Web publishing rules and server publishing rules. These publishing rules limit who can access the local network and what can be viewed once the local network is accessed.

ISA Server can enable secure access to e-mail servers by blocking attacks on the server and filtering incoming spam and attachments. ISA Server also lets clients connect securely to Exchange Server using a range of client protocols.

ISA Server can enable secure connections to local network resources through VPN connections enabled for remote clients and sites.

2.3/ Installing ISA Server Standard:
Deployment model:

Machine   Setting   Internet card      Cross card
ISA1      IP        192.168.1.11/24    172.16.1.1/24
          GW        192.168.1.2        null
          DNS       null               172.16.1.2
ISA2      IP        disabled           172.16.1.2/24
          GW                           172.16.1.1
          DNS                          172.16.1.2
Step 1: Promote ISA2 to DC ( isa.local ) and join ISA1 to the domain.

Step 2: Install ISA 2006 on ISA1
- Run the autorun file in the installation package.
- Select Install ISA Server 2006
- Answer the licensing questions, serial ..
- For Setup type select: Typical
- Internal Network dialog -> Add -> enter the internal IP range -> OK -> Next
- Accept the default values -> Finish

Step 3: Install SP1 for ISA Server
- Restart the machine
Step 4: Create a rule to test connectivity
Open ISA Management and select as shown in the figure below
- Name the rule Internet
- For Action select Allow
- For Protocol select All Outbound Traffic -> Next
- Access Rule Source -> Add -> select Internal & Localhost
- Access Rule Destinations -> Add -> External
- User Set -> All Users -> Next
- Finish, Apply

Test access to the Internet ( from ISA2 ):
Step 5: Configure Automatic Discovery

+ On ISA1: ISA Server Management -> Configuration -> Network -> Properties of Internal -> Publish automatic discovery information

+ On ISA2:

1. Install DHCP:
- Control Panel > Add or Remove Programs > select Add/Remove Windows Component > Networking Services > select Details
- Select Dynamic Host Configuration Protocol (DHCP) > OK > Next
- Start > Program > Administrative Tools > DHCP
- Right-click isa2.isa.local > select Authorize
- Right-click isa2.isa.local > select New Scope
- Welcome screen > Next > Scope name: name the scope ISA Scope > Next
- Enter the IP range to be leased to the LAN ( do not include 172.16.1.3 to 172.16.1.9, which are reserved in case more servers are added to the system, and do not lease 172.16.1.1 & 172.16.1.2 ).
- Add Exclusions ( used when you do not want to lease a particular IP within the scope's range ): leave the default here and exclude no IP from the range.
- Lease Duration screen ( how long an IP is used ) > select Next
- Configure DHCP Options screen: select Yes, I want to configure these options now > select Next
- Router (default gateway) screen:
- In Parent Domain: isa.local. Server name: isa.local > select Resolve. Once IP address shows the correct server IP > select Add
- WINS screen > enter isa.local in Server name > select Resolve > once IP address shows the correct server IP > select Add > Next
- Activate screen > select Yes, I want to activate this scope now > Next > Finish

2. DHCP > Set Predefined Options
- Select Add to declare a new option
- For Option Name select: 252 WPAD. Enter Value: http://isa1.isa.local:80/WPAD.DAT
- Open DNS Manager > declare the alias WPAD for the name of the ISA machine
Step 6: Configure Remote Management

On ISA1:
- Open ISA Server Management > Firewall Policy > Toolbox > Network Objects > Computer Sets > Remote Management Computer > double-click
- Add > Computer > enter the name & address of the chosen machine (172.16.1.2) > OK -> return to the main window > Apply

On ISA2:
- Run AutoRun from the ISA 2006 software package
- Select the default configuration
- The program automatically suggests ISA Management; accept the default settings to complete the installation
- Run ISA Management, right-click ISA Management > Connect to > enter the machine name

At this point operations on ISA 2006 can be carried out as on the machine

SOME PRACTICAL APPLICATIONS

1. Create a rule allowing DNS Query traffic for domain name resolution:
- ISA Management > Firewall Policy > New > Access Rule
- Type DNS Query in Access Rule Name > Next
- For Action select Allow > Next
- Under This Rule Applies to: select Selected Protocols, Add > Common Protocol > DNS > OK > Next
- Under Access Rule Source > Add > Networks > Internal > Add > Close > Next
- Under Access Rule Destination > Add > Networks > External > Close > Next
- Under User Sets keep the default value All Users > Next > Finish
- Apply > OK

Test on ISA2: use the NSLOOKUP command to resolve any domain name

2. Create a rule allowing users in the Nhan Vien (staff) group to view vnexpress.net during working hours
a - Define the NhanVien group
b - Define a URL Set containing vnexpress.net
c - Define the working hours
d - Create the rule
e - Test

a - Define the NhanVien group
- Use Active Directory Users and Computers to create 2 users nv1, nv2 (password 123)
- Create the group NhanVien
- Add the 2 users nv1, nv2 to the group NhanVien
- ISA Server Management > Firewall Policy > Toolbox > Users > New
- Enter the string Nhan Vien as User set name > Next
- Add > Windows User and Group
- Select the group Nhan Vien > Next > Finish

b - Define a URL Set containing vnexpress.net
+ ISA Server Management > Firewall Policy > Toolbox > Network Objects > New > URL Set
+ In the Name field enter vnexpress > New, and declare 2 lines:
  http://vnexpress.net
  http://*.vnexpress.net
  > OK

c - Define the working hours
- ISA Server Management > Firewall Policy > Toolbox > Schedule > New
- Name: Gio Lam Viec
- Select Active from 8am -> 12pm & 2pm -> 6pm > OK

d - Create an Access rule with the following settings:
  Rule Name: Nhan Vien Gio lam viec
  Action: Allow
  Protocols: HTTP + HTTPS
  Source: Internal
  Destination: URL Set > vnexpress
  User: NhanVien
  (The steps are the same as in part 1)
- Right-click the rule just created > Properties
- Select Schedule > Gio lam viec > OK > Apply Rule

Test: disable the rule Internet:
- Log on as nv1 and check the machine's clock: during working hours, try opening vnexpress, then try opening google.
- Log on as another user (not nv1 or nv2), try opening vnexpress, then try opening google.
( see the demo clip Nhan Vien - Gio lam viec.avi )

3 - Create a rule allowing users in the Sep (managers) group unrestricted Internet use
a - Define the Sep group
b - Create the rule
c - Test

a - Define the Sep group:
- Use Active Directory Users and Computers to create 2 users s1, s2 (password 123)
- Create the group Sep
- Add the 2 users s1, s2 to the group Sep
- The remaining steps are the same as in part 2a ( defining the NhanVien group )

b - Create the rule
Create an Access rule with the following settings:
  Rule Name: Sep
  Action: Allow
  Protocols: All Outbound Traffic
  Source: Internal
  Destination: External
  User: Sep
The steps are the same as in part 1

c - Test
Log on as s1 and try accessing the Internet. ( see the demo clip ket qua Sep.avi )

4 - Create a rule allowing unrestricted Internet use during break hours
a - Define the break hours
b - Create the rule
c - Test

a - Define the break hours: same as 2c

b - Create the rule:
Create an Access rule with the following settings:
  Rule Name: Giai Lao
  Action: Allow
  Protocols: All Outbound Traffic
  Source: Internal
  Destination: External
  User: All Users
The steps are the same as in part 1
After creating the rule, open the properties of the new rule > Schedule > Gio giai lao

c - Test:
Log on as nv1, change the clock on the ISA machine to fall within the break hours, and access the Internet ( see the demo clip Giai lao.avi )

5 - Allow viewing text only:
Open Properties of the rule Giai Lao > Content Types > Selected Content Types:
- Documents
- HTML Documents
- Text
See the demo clip: Chi duoc xem chu.avi

6 - Block www.kenh14.vn and redirect to vnexpress.net:
a - Define the web sites to block
b - Create the rule
c - Test

a - Define the web sites to block:
Create a URL Set as in part 2b, name it Nhung trang web cam, and declare in the URL Set:
  http://*.kenh14.vn
  http://kenh14.vn

b - Create the rule:
Create an Access rule with the following settings:
  Rule Name: Web bi cam
  Action: Deny
  Protocols: All Outbound Traffic
  Source: Internal
  Destination: URL Set > Nhung trang web cam
  User: All Users
The steps are the same as in part 1

After creating the rule, right-click it and select Move Up until its order value is 1

Redirect to vnexpress.net:
Right-click the rule Web bi cam > Properties > Action > check Redirect HTTP requests to this Web page > enter http://vnexpress.net > OK > Apply > OK
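
The rule order set up in parts 2, 3 and 6 (Deny rule moved to order 1, the Internet rule disabled for testing) can be checked with a small first-match model. This is an added Python example, not part of the original report or of ISA Server. It assumes a relative order for the Allow rules, which the report does not state, and compares URL sets by host name only, a simplification of what ISA does.

```python
from dataclasses import dataclass
from datetime import datetime
from fnmatch import fnmatchcase
from typing import Optional
from urllib.parse import urlsplit

# Objects defined in the report (names and values as given there).
WORK_HOURS = [(8, 12), (14, 18)]  # schedule "Gio Lam Viec": 8am-12pm, 2pm-6pm
URL_SETS = {
    "vnexpress": ["http://vnexpress.net", "http://*.vnexpress.net"],
    "Nhung trang web cam": ["http://*.kenh14.vn", "http://kenh14.vn"],
}
USER_SETS = {"NhanVien": {"nv1", "nv2"}, "Sep": {"s1", "s2"}}


@dataclass
class Rule:
    name: str
    action: str                      # "Allow" or "Deny"
    protocols: Optional[set] = None  # None = All Outbound Traffic
    url_set: Optional[str] = None    # None = External (any destination)
    user_set: Optional[str] = None   # None = All Users
    schedule: Optional[list] = None  # None = always active
    enabled: bool = True


def in_url_set(url, set_name):
    """Host-only comparison (simplification). '*.site' does not match the
    bare domain, which is why the report declares two entries per site."""
    host = urlsplit(url).hostname or ""
    patterns = (entry.split("://", 1)[1] for entry in URL_SETS[set_name])
    return any(fnmatchcase(host, pattern) for pattern in patterns)


def matches(rule, user, protocol, url, when):
    if not rule.enabled:
        return False
    if rule.protocols is not None and protocol not in rule.protocols:
        return False
    if rule.url_set is not None and not in_url_set(url, rule.url_set):
        return False
    if rule.user_set is not None and user not in USER_SETS[rule.user_set]:
        return False
    if rule.schedule is not None and not any(
            start <= when.hour < end for start, end in rule.schedule):
        return False
    return True


def evaluate(policy, user, protocol, url, when):
    """Rules are checked top-down; the first match decides.
    A request that matches nothing falls through to the default deny."""
    for rule in policy:
        if matches(rule, user, protocol, url, when):
            return rule.action, rule.name
    return "Deny", "Default rule"


def build_policy(deny_first=True):
    """deny_first=True is the state after 'Move Up until order is 1'.
    The order of the Allow rules below is an assumption."""
    deny = Rule("Web bi cam", "Deny", url_set="Nhung trang web cam")
    rest = [
        Rule("Nhan Vien Gio lam viec", "Allow", {"HTTP", "HTTPS"},
             "vnexpress", "NhanVien", WORK_HOURS),
        Rule("Sep", "Allow", user_set="Sep"),
        Rule("DNS Query", "Allow", {"DNS"}),
        Rule("Internet", "Allow", enabled=False),  # disabled for the tests
    ]
    return [deny] + rest if deny_first else rest + [deny]


if __name__ == "__main__":
    morning = datetime(2011, 12, 2, 9, 0)   # constructed sample times
    lunch = datetime(2011, 12, 2, 13, 0)
    samples = [                             # constructed sample requests
        ("nv1", "HTTP", "http://vnexpress.net/", morning),
        ("nv1", "HTTP", "http://www.google.com/", morning),
        ("nv1", "HTTP", "http://vnexpress.net/", lunch),
        ("s1", "HTTP", "http://www.kenh14.vn/", lunch),
    ]
    for deny_first in (True, False):
        print("Deny rule at order 1:", deny_first)
        for request in samples:
            print("  ", request[0], request[2],
                  evaluate(build_policy(deny_first), *request))
```

With the Deny rule left at the bottom, s1 reaches kenh14.vn through the Sep rule, which is the case the Move Up step prevents.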

See the demo clip Cam kenh14vn.avi

7 - Block Yahoo chat
1. Open the ports needed for Yahoo to run in the system
2. Block signing in to Yahoo

1. Open the ports needed for Yahoo to run in the system
By default Yahoo cannot sign in; for Yahoo to work an Access rule must be set up:
  Rule Name: Mo port yahoo
  Action: Allow
  Protocols: Yahoo port
- When choosing the protocol > Add > New
- Name it Yahoo port
- Select New > enter ports 5000 -> 5050
- Select No
- Next > Finish
  Source: Internal
  Destination: External
  User: All Users
The steps are the same as in part 1

Test signing in to Yahoo during working hours ( before blocking ): SigninYahoo.avi

2. Block chat:
- Use ADUC to create the group KeToan.
- Define the KeToan user set.
- Create the rule KeToan, allowing unrestricted Internet use.
- Proceed as in the parts above.
Block chat for the KeToan group:
- Right-click the rule KeToan > Configure HTTP
- Signatures tab > Add
- Enter values as shown in the figure
- OK > Apply > OK
See the demo clip Deny yahoo.avi

8 - Block downloads of files with the exe extension
- Right-click the rule Sep > Configure HTTP
- Extension > Block specified extensions (allow all others) > Add
- Enter Extension: .exe > OK
- Apply > OK
Do the same for the rules Giai Lao & Nhan Vien Gio Lam Viec
See the demo clip Cam down file duoi exe.avi

9 - Monitoring: monitor the traffic flowing in and out of the network and compile report information

1) Enable authentication
Step 1: Networks > Internal > Properties
Step 2: Web proxy > Authentication
Step 3: Require all users to authenticate > OK > Apply

+ View sessions
Clients go out through Web proxy or SecureNAT. The Client Username column shows who performed the session.

+ View more detail with the Logging tab:
Step 1: Monitoring > Logging tab > Start Query
This shows which protocol the traffic is using, whether it succeeded or failed, and which protocol allowed it
The URL shows what was accessed:

Create a statistical report:
Step 1: Monitoring > Reports tab > Create and Configure Report Jobs
Step 2: Report Job Properties > Add
- On the Welcome screen type Test Job
- Report Content > Next
- Report Job Schedule > Next ( choose the report schedule )
- Report Publishing > Next
- Send E-mail Notification > Next > Finish > Apply
Step 3: Check that the Status column shows Completed
Step 4: Right-click > View > see the results

10 - Caching
Content: download a frequently visited web page and store it in the cache so that users can access it faster

1. Create the cache rule
Step 1 - ISA Server Management > Configuration > disable the Microsoft Update Cache Rule
Step 2 - Cache Drives > Properties
Step 3 - Maximum cache size (MB): 1000 > Set > OK

2. Create a Content Download Job
Step 1 - Configuration > Cache > New > Content Download Job > Yes
Step 2 - Download Job Name: www.tuoitre.vn
- Choose the caching day
- Choose the caching start time
- Content Download > http://www.tuoitre.vn
- Content Caching > default > Next > Finish
- Right-click the rule just created > Start

Deploying the VPN TO GATEWAY model

1. Create domain user u1/123, Properties Allow access

2. Define the pool of IP addresses to assign
- ISA Management > Virtual Private Network > VPN Client > Task pane > Task > Define Address Assignments
- Static address pool > Add
- Starting address: 10.10.10.1, Ending address: 10.10.10.200 ( more than the Maximum number of VPN clients allowed in step 3 )

3. Enable VPN client access and set the maximum number of simultaneous VPN connections
Step 1: Select Configure VPN Client Access
Step 2: General tab > Enable VPN client access > 100 ( Maximum number of VPN clients allowed )

4. Define the VPN client group
Step 1: ISA Server Management > Firewall Policy > Toolbox > Users > New > enter VPN Client
Step 2: Add > Windows user and group > select u1

5. Create a rule allowing VPN connections
  Rule Name: VPN
  Action: Allow
  Protocols: All Outbound Traffic
  Source: VPN Client
  Destination: Internal
  User: VPN Clients
Apply > OK

6. Test: a third machine is connected to ISA1 through the Internet card
Step 1: Start > Settings > Network Connections
New Connection Wizard > Next > Connect to the network at my workplace > Virtual Private Network connection > enter VPN Clients > IP of ISA1's Internet card > Next > Finish
Step 2: u1/123 > Connect > success
Step 3: Start > \\172.16.1.2 > success

2.4/ Evaluation of ISA server 2006:

2.4.1/ Weaknesses of ISA server compared with Forefront TMG

ISA server 2006 does not support running on Windows Server 2008 64-bit and does not filter URLs. Forefront TMG has all the features of ISA server 2006 and supports additional ones:

Forefront TMG is the update of ISA 2006. TMG was created to support Microsoft's later 64-bit releases, for example the current Windows 2008 64-bit, Exchange 64-bit, SharePoint.... TMG supports 64-bit only, and in addition TMG is more stable (it runs on 64-bit, after all). Because Forefront TMG is the generation after ISA 2006, it adds a main feature: Web and email anti-malware and virus protection. This includes:
- Runs only on Windows Server 2008 R2 64-bit, EBS edition
- Support for the next generation of TCP/IP (IPv6)
- Web antivirus and web malware protection
- Easy management, a friendly user interface, fast reporting
- URL filtering
- HTTPS inspection: when a client requests a certificate from a server, Forefront TMG sits in the middle and requests the certificate on the user's behalf, while generating a certificate of its own for the user
- Email antivirus and anti-spam
- Network intrusion prevention
- TFTP Filter
- Network functionality enhancement

2.4.2/ Advantages of ISA server 2006 over ISA server 2004:

In terms of interface ISA 2006 is up to 90% the same as ISA 2004. However, it has prominent new features where ISA 2004 is still limited, such as:
- Extended support for OWA, OMA, ActiveSync and RPC/HTTP publishing
- Support for SharePoint Portal Server
- Support for binding multiple certificates to one Web listener
- Support for LDAP authentication for Web publishing rules

The standout features of the 2006 version compared with 2004 are publishing and VPN.

Publishing services
- ISA 2006 can generate forms itself when users access the OWA page, thereby supporting form-based authentication to keep unauthorized users out of the OWA web site. This feature is developed as add-ins.
- Allows publishing Terminal Server using RDP over SSL, ensuring that data in the session is encrypted over the Internet (including the password).
- Blocks non-encrypted MAPI connections to Exchange Server, allowing users' Outlook to connect securely to Exchange Server.
- Many wizards that let administrators publish internal servers to the Internet securely.
- Supports new products such as Exchange 2007 as well.

VPN connectivity
- Provides a wizard for automatically configuring a site-to-site VPN between 2 separate offices. Of course, anyone who prefers to configure each site by hand can do so.
- Fully integrated Quarantine, stateful filtering and inspection (this one is already familiar), full checking of conditions on VPN connections, site to site, SecureNAT for VPN clients, ...
- Allows publishing another VPN server in the intranet out to the Internet (impressive), with support for PPTP, L2TP/IPSec and site-to-site IPSec tunnels (with other VPN products; we have not tried this yet).

Management
- Easy to manage
- Many wizards
- Simple backup and restore
- Allows delegating administration to users/groups
- Excellent logging and reporting
- Configure in one place, run everywhere (with ISA Enterprise installed)
- Easy to add servers to an array
- Integrates with Microsoft's management solution: MOM
- SDK: anyone who likes programming solutions that integrate with ISA 2006 will enjoy this kit
- Hardware solutions are available

Other features
- Support for multiple CPUs and more RAM
- Network Load Balancing with a maximum of 32 nodes
- Support for multiple networks, with no need to count them; it beats the other products here
- Route/NAT per network
- Varied firewall rules
- IDS (passable)
- Flood resiliency
- HTTP compression
- DiffServ

2.5/ Advice for ISA server administrators

As an ISA Server administrator, you are responsible for completing the ISA Server deployment, from design through configuration and management. The ISA Server Management Console is used to manage and monitor most ISA Server activity. It includes many features that can simplify management. As part of the ISA Server administrator role, you should monitor the server continuously. ISA Server provides several features that let you collect real-time information about the server's performance and security, as well as collect and analyze long-term usage trends.

III/ Conclusion:

The report focuses on configuring an ISA SERVER system as a strong firewall that still meets the requirements for using remote services, serving both internal clients accessing external services (the Internet) and external clients (Internet Clients) that need to access services inside the organization's network.

The report covers the following:
- Describing a hands-on deployment (ISA SERVER) in detail
- Helping you understand the features of ISA Server
- Giving specific advice on using the documentation to configure ISA Server

The above is only the group's preliminary study of ISA server, and the information is only general in nature. ISA server is a difficult and broad field, but it has many attractive aspects worth studying in depth.

IV/ References:
- ISA Server 2006 Standard Edition & Enterprise Edition Common Criteria Evaluation
- Sams, Microsoft ISA Server 2006 Unleashed, Dec 2007
- Syngress, Dr Tom Shinder's ISA Server 2006 Migration Guide, Aug 2007