版權(quán)說明:本文檔由用戶提供并上傳,收益歸屬內(nèi)容提供方,若內(nèi)容存在侵權(quán),請進(jìn)行舉報(bào)或認(rèn)領(lǐng)
文檔簡介
企業(yè)級效勞器ISAServer
平安與速度的完美結(jié)合MICROSOFT北京維諾爾計(jì)算機(jī)網(wǎng)絡(luò)技術(shù)有限公司袁子能ISASERVER技術(shù)支Tel:8847243013011035647
E-mail:yuanzineng@平安問題日益增加所有數(shù)據(jù)來自/stats*2001Q1-Q3惡意行為的增長ISASERVERISAServerEditions
ISAServerStandardEditionISAServerEnterpriseEdition功能標(biāo)準(zhǔn)版企業(yè)版▲服務(wù)器的建置單機(jī)運(yùn)作多機(jī)的集中管理▲原則的設(shè)定(policysupport)服務(wù)器本機(jī)服務(wù)器陣列▲硬件支持4顆CPU無限制Web緩存▲擴(kuò)展性適合小型企業(yè)適合中大型企業(yè)▲分散式與階層式緩存僅階層式皆有統(tǒng)一的管理▲Windows?2000ActiveDirectory整合有限完全▲多層次原則無有▲多服務(wù)器管理無有Microsoft?ISAServer2000標(biāo)準(zhǔn)版與企業(yè)版功能比較表安裝ISAServer硬件和軟件的要求選擇安裝模式指定緩存尺寸配置LAT表UpgradingfromMicrosoftProxyServer2.0IdentifyingHardwareandSoftwareRequirementsHardDiskSpace20MBWindows2000Server,
Windows2000AdvancedServer,or
WindowsDatacenterHardDiskFormatNTFSInternalAdapterExternalAdapterActiveDirectoryArraysRAM256MBCPU300MHz
orhigherInstallationModes
CacheModeFirewallModeIntegratedModeMicrosoftISAServerStatusSelectthemodeforthisserver:FirewallmodeSelectthisoptiontoinstallenterprisefirewall
functionality.CachemodeSelectthisoptiontoinstallcacheandWebhosting
functionality.Cachemodeinstallationisrecommendedonlyforcomputers
thatarenotdirectlyconnectedtotheInternet.Ifthis
computerisdirectlyconnectedtotheInternet,installISA
Serverinintegratedmode.IntegratedmodeSelectthisoptiontoinstallintegratedenterprise
firewall,cache,andWebhostingfunctionality.ContinueExitSetup
Selecting
anInstallationModeMicrosoftInternetSecurityandAccelerationServerSetupSetuphasstoppedyourIISpublishingservice(W3SVC).AfterSetupis
complete,uninstallIISorreconfigureallIISsitesnottouseports80and
8080.OKHelpHelpMicrosoftInternetSecurityandAccelerationServerSetupSpecifytheNTFSdrivesonwhichcachesshouldbelocated
andthemaximumsizeofeachcache.Drive: C:[NTFS]Availablespace(MB) 28722Cachesize(MB): 100Totalcachesize(MB): 100MBOKSetDrive [FileSystem] MaximumSize(MB)C: [NTFS] 100CancelHelpSpecifyingtheInitialCacheSizeC: [NTFS] 100Initialcachesizeis100MB.Add0.5MBforeachWebProxyclient.MicrosoftInternetSecurityandAccelerationServerSetupEntertheIPaddressrangesthatspantheinternalnetworkaddressspace.InternalIPranges:From ToEditFromToAdd->Remove->OKCancelHelp00192.168.255MicrosoftInternetSecurityandAccelerationServerSetupEntertheIPaddressrangesthatspantheinternalnetworkaddressspace.InternalIPranges:From ToEditFromToAdd->Remove->Toconstructalocaladdresstable,clickConstruct
Table.ConstructTable…OKCancelHelpConfiguringtheLAT
ClickConstruct
Tabletoconstructalocaladdresstable.1SelectoptionstoaddprivateIPaddressrangesorroutingtableentries.21921681200192168255255Toconstructalocaladdresstable,clickConstruct
Table.ConstructTable…LocalAddressTableSelecttheaddressranges(basedontheWindows2000routingtable)forinclusionin
thelocaladdresstable(LAT).TheLATshouldincludealltheaddressesinyou
internalnetwork.Addthefollowingprivateranges:10.xxx,192.168.xxand172.16.xx-
173.31.xxand169.254.xx..AddaddressrangesbasedontheWindows2000RoutingTableSelecttheaddressrangesthatareassociatedwiththefollowing
internalnetworkadapters:MSLoopBackDriver 293ComEtherLinkPCI(Micros… 00OKCancelHelpCard IPAddressesVerifytheIPaddressesthatdisplayinthelocaladdresstable.3MaintainingtheLATandLDTInternetISAServer00
0000
0025Msplat.txtMsplat.txtClientsUpgradingfrom
MicrosoftWindowsNTUpgradetoWindows2000ProxyServer2.0UpgradingfromMicrosoftProxyServer2.0UpgradingClientComputersPort80Client
RequestsPort
8080ISAServer2000ProxyServer2.0ISAServerWinsockProxyClients
andFirewallClientsISAServer接入形式BastionHost(堡壘型)PerimeterNetworkwithThree-HomedFirewall(三宿主〕PerimeterNetworkwithBack-to-BackFirewalls(背靠背)InternetInternalNetworkFirewallBastionHostPerimeterNetworkwithThree-HomedFirewall
FirewallInternetPerimeterNetworkInternalNetworkPerimeterNetworkwithBack-to-BackFirewalls
ISASRV
ISASRVPerimeterNetworkInternetBranchOffice/SmallBusinessFirewallBranchOfficeor
SmallBusiness實(shí)際連接PerceivedConnectionInternetISAServerISA的設(shè)計(jì)目標(biāo)
Secure,fastInternetconnectivityAccelerationFastWebAccesswithaHigh-PerformanceCacheSecuritySecureInternetConnectivityThroughaMultilayeredFirewallManagementExtensibilityUnifiedManagementwithIntegratedAdministration
ExtensibleandOpenPlatform
需求1:平安的Internet訪問多層次控制方式的防火墻(Multilayer)入侵檢測功能(IntrusionDetection)支持DMZ區(qū)(DMZZone)效勞器發(fā)布功能(ServerPublishing)集成的VPN功能(IntegrationVPN)支持動(dòng)態(tài)包過濾(DynamicFilter)支持NAT“平安鎖緊〞功能(SystemHarden)支持負(fù)載均衡多層次過濾的防火墻
由下至上–保護(hù)每個(gè)層次IP層〔封包過濾〕靜態(tài)過濾動(dòng)態(tài)端口過濾協(xié)議層基于會(huì)話的過濾基于連接的控制應(yīng)用層智能的內(nèi)容探測協(xié)議層Circuit
level應(yīng)用層Application
levelIP層Packet
levelIP包過濾利用IP包頭信息分析IP包內(nèi)容SrcDstpayloadport源地址?目標(biāo)地址?內(nèi)容是什么?請求的端口號(hào)需要什么服務(wù))?IPHeaderUDP/TCPHDRPayload協(xié)議級的平安控制會(huì)話與連接之間的關(guān)系智能的監(jiān)測和控制主連接效勞器客戶端主連接第二連接應(yīng)用層的平安控制智能檢查支持內(nèi)容的過濾和鎖定防范的平安漏洞ClientSMTP:VRFY*CompanyserverDNS:ZoneattackHTTP:Virus!HTTP:ForbiddensiteInternetFiltersandNetworkAccess
Streaming
Media
SMTP
DNSIntrusion
Firewall
AccessPolicy
Allow
HTTP
AllDestinations
InternalNetworkExternalNetworkRulesAppliedStreaming
Media
SMTP
處理外出客戶端請求
Isthereasiteandcontentrulethatdeniestherequest?Isthereaprotocolrulethatdeniestherequest?RequestfrominternalclientDenyrequestRetrieveobjectIsthereaprotocolrulethatallowstherequest?YesNoNoYesYesNoNoIsthereasiteandcontentrulethatallowstherequest?YesNoYesDoesanIPpacketfilter
blocktherequest?Doesaroutingrulespecifyroutingtoan
upstreamserver?YesRouteto
upstreamserverNo入侵檢測功能
IntrusionDetectionIPPacket–LevelAttacks檢測和預(yù)警AlltypesofPortScanIPHalfScanAttackPingofdeathUDPbombattackWinNukeLandattacks應(yīng)用層攻擊
DNSHostnameOverflowDNSLengthOverflowDNSZoneTransferfromPrivilegedPorts(1–1024)DNSZoneTransferfromHighPorts(Above1024)POPBufferOverflowConfiguringIntrusionDetection
IPPacketFiltersPropertiesGeneralOKCancelEnabledetectionoftheselectedattacks:PacketFiltersPPTPWindowsout-of-band(WinNuke)LandPingofdeathIPhalfscanUDPbombPortscanIntrusionDetectionDetectafterattackson 10 well-knownportsDetectafterattackson 20 portsToreceivealertsaboutintrusionattacks,seethepropertiesfor
specificalertsintheAlertsfolder.IntrusiondetectionfunctionalitybasedontechnologyfromInternetSecuritySystems,Inc.,Atlanta,GA,USA,ApplyDNSintrusiondetectionfilterPropertiesGeneralOKCancelFilterincomingtrafficforthefollowing:AttacksDNShostnameoverflowDNSlengthoverflowDNSzonetransferfromprivilegedports(1-1024)DNSzonetransferfromhighports(above1024)ApplySelectAttacksSelecttheoptionsthatarerequiredtoimplementyourmonitoringstrategy.檢測到入侵后可以采取的行動(dòng)記入系統(tǒng)日志發(fā)送郵件執(zhí)行特定的應(yīng)用程序終止特定的效勞啟動(dòng)特定的效勞ISA和Proxy2.0不同的發(fā)布機(jī)制Proxy2.0 *依賴IIS效勞 *被發(fā)布的效勞器需要安裝ProxyClient.
*不支持SSL橋接技術(shù)
ISA*完全獨(dú)立運(yùn)行的效勞,可以完全把IIS卸載。*被發(fā)布的效勞器無需安裝任何軟件?!苍O(shè)置為SecureNET客戶端〕*支持端口的重定向(PortMapping)*支持SSL橋接技術(shù)(SSLBridging)PublishingInternet
ExternalAdapterInternalAdapterWebServerInternalNetworkPublishingServersonaBack-to-BackPerimeterNetwork
LAT
Internal
Network
LAT
Perimeter
Network
WebServerSQLServerInternalNetworkPerimeterNetworkISAServerISAServerInternetPublishingaServer
NametheRuleSpecifyAddressMappingSelectaProtocolSettingSelectaClientTypeStartFinishPublishingaMailServerMailServerSecurityWizardMailServicesSelection
Selectthemailservicesthatyouwouldliketopublishtoyourexternalusers<BackPublishthesemailservices:Default
AuthenticationSSL
AuthenticationIncomingSMTP ApplycontentfilteringOutgoingSMTPIncomingMicrosoftExchange/OutlookIncomingPOP3IncomingIMAP4IncomingNNTPNext>CancelSelecttoapplycontentfilteringtoincomingSMTPtraffic.GuidelinesforUsingPublishingIfyournetworkDoesnothaveaperimeternetworkHasaback-to-backperimeternetworkconfigurationHasathree-homedperimeternetworkconfigurationThenuse
ServerpublishingServerpublishingonbothISAServercomputersRoutingandpacketfilteringbetweentheInternetandperimeternetwork;serverpublishingbetweentheinternalandperimeternetworksNetworkLoadBalancing
InternetCacheCacheISAServerArrayPublishedServerCacheVPNUnderstandingVPNsConnectingRemoteUserstoaCorporateNetworkConnectingRemoteNetworkstoaLocalNetwork
ConnectingRemoteUsers
toaCorporateNetwork
VPNTunnelISAServer
ComputerRemoteUserInternetCorporateNetwork
ConnectingRemoteNetworks
toaLocalNetwork
VPNTunnelISAServer
ComputerRemoteNetworkInternetLocalNetworkISAServer
ComputerConfiguringaVPNtoAcceptClientConnections
ISAVPNServerWizardISAVirtualPrivateNetwork(VPN)ServerSummary
ISAVirtualPrivateNetwork(VPN)ServercanacceptVPNconnectionsfrom
remoteclientsovertheInternet.<BackTheServerwillbeconfiguredwiththepropertieslistedbelow:ConfigureRoutingandRemoteAccessServerasVirtualPrivateNetwork(VPN)Enforcesecuredauthenticationandencryptionmethods.OpenstaticpacketfiltersforallowingPPTPandL2TPoverIPSECprotocols.Thenumberofportsavailableforclientstoconnectis128,butthisnumbercanbeNext>Liststheconfigurationpropertiessetbythewizard.ConfiguringaLocalVPNIdentifytheConnectionsSelecttheProtocol(s)SpecifyCommunicationSpecifyRemoteAddressesSpecifyLocalAddressesSaveConfigurationFileStartFinish
ConfiguringaRemoteVPN
RemoteISAVPNWizardISAVPNComputerConfigurationFile Specifythe.vpcfiletousewhensettingupandconfiguringtheISAVirtualPrivate
Network(VPN)computer.The.vpcfileincludesinformationabouttheremoteISA
VPNcomputer.<BackCancelSpecifythe.vpcfiletouseforsettingupandconfiguringtheISAVPNcomputer.The.vpcfileincludesinformationabouttheremoteISAVPNcomputer.Filename
Browse…Typethepasswordtodecrypttheconfigurationfile.PasswordSpecifythepathandfilenameforthe.vpcfile.Typethepasswordforthefile.Next>需求2:快速的Web訪問改進(jìn)的存儲(chǔ)和檢索機(jī)制內(nèi)存緩存(RAMcaching)主動(dòng)的和定時(shí)的內(nèi)容下載支持陣列(Array&CARP)層次化的緩存系統(tǒng)緩存的類型正向緩存反向緩存分布式緩存InternalNetworkInternalNetworkCacheCacheCacheCacheCacheWebServerInternetInternetInternetTheForwardCachingProcess
GETwww.bjwne.comGETGETwww.bjwne.comObjectissentfromInternetObjectissentfromcacheClient1Client2ISAServerCache12345InternetReverseCaching(互聯(lián)網(wǎng)
企業(yè))InternetISA服務(wù)器CacheWeb伺服器吸收Web負(fù)載的沖擊ISA扮演Web代理效勞器ProcessingRequestsforCachedObjectsRAMDiskCacheDirectoryObjectsObjects1Requesthttp://URLAhttp://URLA3http://URLACacheDirectoryBackupCacheEntry1CacheEntry12主動(dòng)的和定時(shí)的內(nèi)容下載以目標(biāo)生存時(shí)間為根底ISA自動(dòng)分析緩存內(nèi)容的壽命ISA自動(dòng)下載并更新緩存內(nèi)容使用撥號(hào)訪問Internet的用戶應(yīng)考慮使用定時(shí)下載內(nèi)容的方式BranchOffice/SmallBusinessOfficeCacheServerISAServerMainOfficeSmallBusinessCacheCacheBranchOfficeISAServerInternet企業(yè)緩存效勞InternetCorporateNetworkCacheCacheCacheISAServerArrayConfiguringHTTPCachingCacheConfigurationPropertiesGeneralOKCancelApplyNolessthan: 15 MinutesNomorethan: 1 DaysEnableHTTPCachingUnlesssourcespecifiesexpiration,updatesource:RestoreDefaultsHTTPFTPActiveCachingAdvancedFrequently(Expireimmediately)NormallyLessfrequently(Reducednetworktrafficisimportant)SetTimeToLive(TTL)ofobjectincacheto:Thispercentageofcontentage 20
(Timesincecreationofmodification):SelecttoenableHTTPcaching.CacheConfigurationPropertiesGeneralOKCancelEnableFTPcachingRestoreDefaultsHTTPFTPActiveCachingAdvancedConfiguringFTPCachingSpecifyatimeforFTPobjectstoremaininthecache.ApplyTimetoLiveforallobjects:1440 MinutesCacheConfigurationPropertiesGeneralOKCancelApplyEnableactiveCachingActivecachingautomaticallyretrievesfrequentlyaccessedfiles.RestoreDefaultsHTTPFTPActiveCachingAdvancedFrequently
(Clientperformanceismoreimportant)Normally
(Clientperformanceandreducednetworktrafficareequally
important)Lessfrequently
(Reducednetworktrafficismoreimportant)Retrievefiles:Configuring
ActiveCachingSelecttocreateanactivecachingpolicy.CacheConfigurationPropertiesGeneralOKCancelApplyEnableactiveCachingActivecachingautomaticallyretrievesfrequentlyaccessedfiles.RestoreDefaultsHTTPFTPActiveCachingAdvancedFrequently
(Clientperformanceismoreimportant)Normally
(Clientperformanceandreducednetworktrafficareequally
important)Lessfrequently
(Reducednetworktrafficismoreimportant)Retrievefiles:ConfiguringAdvancedCacheSettingsCacheConfigurationPropertiesGeneralOKCancelApplyRestoreDefaultsHTTPFTPActiveCachingAdvancedMaximumsizeofURLcachedinmemory(bytes): 12800Donotreturntheexpiredobject(returnanerrorpage)Returntheexpiredobjectonlyifexpirationwas:AtlessthatthispercentageoforiginalTime 50
toLive:Butnomorethan(minutes): 60 IfWebsiteofexpiredobjectcannotbereached:Percentageofavailablememorytouseforcaching: 50Do
notcacheobjectslargerthan: 1 KBCacheobjectsthathaveanunspecifiedlastmodificationtimeCacheobjectseveniftheydonothaveanHTTPstatuscodeof200Cachedynamiccontent(objectswithquestionmarksintheURL)Selecttoconfigurecachesettingsforspecificobjects.需求3:統(tǒng)一和靈活的管理基于規(guī)那么的管理方式靈活和方便的客戶端部署賬號(hào)可以和Win2000活動(dòng)目錄集成基于MMC的管理界面完善的日志,報(bào)表功能可訂制的報(bào)警功能帶寬控制機(jī)制(QoS)多種幫助向?qū)Х奖愕陌惭b過程創(chuàng)立策略元素PolicyElementOverviewCreatingSchedulesCreatingBandwidthPrioritiesCreatingDestinationSetsCreatingClientAddressSetsCreatingProtocolDefinitionsCreatingContentGroupsNewscheduleName: LunchHoursandWeekendsDescription:
Usethisscheduletopermitaccesstosites
lunchhoursandweekends.OKCancelCreatingSchedules
ClickActivetoaddportionsoftheweek,orclickInactivetoremoveportionsoftheweek.Settheactivationtimesforrulesthatarebasedonthisschedule.12·2·4·6·8·10·12·2·4·6·8·10·12AlSundayMondayTuesdayWednesdayThursdayFridaySaturdaySundayfrom12AMto12AMActiveInactiveCreatingBandwidthRulesNametheRuleSelecttheProtocol(s)SelectaScheduleSelectaClientTypeSelectaDestinationTypeSelectaContentGroupSelectBandwidthPriorityStartFinishCreatingBandwidthPrioritiesNewBandwidthPriorityName:Description
(optional):OKCancelBasicPriorityAssignshighprioritytoincomingtraffic.Outboundbandwidth(1-2000): Inboundbandwidth(1-200): 20NewBandwidthPriorityName:Description
(optional):OKCancelHighPriorityAssignshighprioritytoincomingtraffic.Outboundbandwidth(1-2000): Inboundbandwidth(1-200): 30CreatingSiteandContentRulesNametheRuleSpecifytheRuleActionSelectaDestinationSetSelectaScheduleSelectaClientTypeStartFinishCreatingDestinationSetsRemoveNewDestinationSetName: PartnerWebDescription
(optional):CancelIncludethesecomputers:Name/IPRange PathOKEdit…Add…Add/EditDestinationComputername: nwtraders.msftIPaddresses:CancelToincludeaspecificdirectoryinthedestinationset,typethepath
below.Toincludeallthefiles,usethisformat:/dir/*.Toselectaspecificfile,usethisformat:/dir/filename.Path:/sales/accounts.xlsOKBrowse…From:To(optional):Creating
ClientAddressSetsEditRemoveClientSetName: SupportStaffDescription
(optional): Selecttheaddressesofcomputersthatbelongtothisclient
addressset.Members:From ToAdd…CancelOKAdd/EditIPAddressesClientsetIPaddresses:CancelOKFrom: 192.168.101.0To: 192.168.101.255CreatingProtocolRulesNametheRuleSpecifytheRuleActionSelecttheProtocol(s)SelectaScheduleSelectaClientTypeFinishStartCreatingProtocolDefinitions
Typeanumberbetweenbetween1and65535tospecifytheportnumber.CreatingContentGroupsISAServerincludesseveralpreconfiguredcontentgroups.ISAManagementAction ViewTreeName Description ContentTypesInternetSecurityandAccelerationServer ServersandArrays LONDON Monitoring Computer AccessPolicy Publishing BandwidthRules PolicyElements Schedules BandwidthPriorities DestinationSets ClientAddressSets ProtocolDefinitionsApplication Applications application/hta.application/x-internet-signup.application/x-pkcs7-certificApplicationDataFiles Filescontainingdataforapplications application/x-mscardfile.application/x-perform.application/x-msclip.applAudio Audiofiles audio.*,.ra,.ram,.rmi,.au,.snd,.aif,.aifc,.wav,.m3u,.mid,.mp3CompressedFiles CompressedFiles application/x-gzip,application/x-tar,application/x-gtar,application/x-comDocuments Documents text/tab-separated-values,text/xml,text/h323,application/postscript,applHTMLDocuments HTMLDocuments text/webviewhtml,text/html,.htm,.html,.htt,.stm,.xslImages Allknowntypesofimages .cod,.cmx,.ief,.pbm,.pnm,.ppm,.gif,.bmp,.jfif,.jpe,.jpg,.jpeg,.ico,.pgm,.rasMacroDocuments Documentsthatmaycontainmacr… application/msword,application/vnd.ms-excel,application/x-msaccess,aText Textcontent .txt,.h,.c,.htc,.vcf,.etx,.uls,.css,.bas,.rtx,text/plain,text/x-component,text/Video Videofiles video/*,.asf,.asr,.asx,.avi,.ivf,.lsf,.lsx,.mov,.movie,.mlv,.mp2,.mpa,.mpe,.VRML VRML x-world/x-vrml,.flr,.wrl,.wrz,.xaf,.xof認(rèn)證模式BasicAuthenticationDigestAuthenticationIntegratedWindowsAuthenticationClientCertificateAuthenticationAuthenticationOverviewInternetISAServerSecureNATClientNouser-basedauthentication.FirewallClientAuthenticationisbasedonclientcredentials.WebProxyClientAuthenticationisdependenton
browserandoperatingenvironment.ConfiguringAuthenticationforOutgoingWebRequestsLONDONArrayPropertiesGeneralIncomingWebRequestsSecurityOKCancelAdd…ApplyPerformanceEnableSSLlistenersTCPport: 8080SSLport: 8443ConnectionsOutgoingWebRequestsAutoDiscoveryIdentificationUsethesamelistenerconfigurationforallinternalIPaddresses.ConfigurelistenersindividuallyperIPaddressServer IPAddress DisplayN…Authentic… ServerC…LONDON <Allinternal IntegratedRemoveEdit…Configure…Connectionsettings:AskunauthenticatedusersforidentificationConfiguringAuthenticationMethodsLONDONArrayPropertiesGeneralIncomingWebRequestsSecurityOKCancelAdd…ApplyPerformanceEnableSSLlistenersTCPport: 8080SSLport: 8443ConnectionsOutgoingWebRequestsAutoDiscoveryIdentificationUsethesamelistenerconfigurationforallinternalIPaddresses.ConfigurelistenersindividuallyperIPaddressServer IPAddress DisplayN…Authentic… ServerC…LONDON <Allinternal IntegratedRemoveEdit…Configure…Connectionsettings:AskunauthenticatedusersforidentificationCancelOKServer: LONDONIPAddress: <AllinternalIPaddresses>DisplayName:UseaservercertificatetoauthenticatetowebclientsSelect…AuthenticationBasicwiththisdomain:Digestwiththisdomain:IntegratedClientcertificate(securechannelonly)Selectdomain…Selectdomain…Add/EditListenersAdjustingCacheSizeLONDONPropertiesCacheDrivesLONDONOKCancelApplySet100Maximumcachesize(MB):Totaldiskspace(MB): 39064Totalmaximumcachesize(MB): 100Specifythesizeofthecache.urlcacheFile Edit View Favorites Tools HelpBackdir1 FileFolder 9/6/20009:43PMdir1 100,800KB MicrosoftISAServerCacheFile 9/18/20009:28PMSearchFoldersHistoryGoName Size Type ModifiedAddressurlcacheurlcacheSelectanitemtoviewits
descriptionSeealso:
MyDocuments
MyNetworkPlaces2object(s)98.4MBMyComputerThe.cdatfileonthedrivewillbethesamesizeasthecache.
Drive Type Diskspace… Freespace… CacheSize…AdjustingMemoryAllocationCacheConfigurationPropertiesGeneralOKCancelApplyRestoreDefaultsHTTPFTPActiveCachingAdvancedMaximumsizeofURLcachedinmemory(bytes): 12800Donotreturntheexpiredobject(returnanerrorpage)Returntheexpiredobjectonlyifexpirationwas:AtlessthatthispercentageoforiginalTime 50
toLive:Butnomorethan(minutes): 60 If
Websiteofexpiredobjectcannotbereached:Percentageofavailablememorytouseforcaching: 50Donotcacheobjectslargerthan: 1 KBCacheobjectsthathaveanunspecifiedlastmodificationtimeCacheobjectseveniftheydonothaveanHTTPstatuscodeof200Cachedynamiccontent(objectswithquestionmarksintheURL)Typeanumberbetween1and100tospecifythemaximumpercentageofmemory.由上至下的規(guī)那么實(shí)施結(jié)構(gòu)策略的級別EnterpriseArrayStand-alone策略可以強(qiáng)制組合提升ArrayArrayEnterpriseStand-aloneArrayArrayPromotePromoteActiveDirectory企業(yè)級陣列級在規(guī)那么實(shí)施上的關(guān)系Enterprise
PolicyISA
Server1ISA
Server2ISA
Server3ISA
Server4ISA
Server5ISA
Server6Array
Policy1Array
Policy2Array
Policy3ISA
Server7Standalo
Configuration
CombiningEnterprisePoliciesandArrayPolicies
PropertiesGeneralOKCancelUsearraypolicyonlyApplySpecifywhetherenterprisepoliciesshouldbeenabledforthisarray.Then,selecttheenterprisepolicyyouwanttoapply.AllowpublishingrulesForcepacketfilteringonthearrayOutgoingWebRequestsIncomingWebRequestsPoliciesAutoDiscoveryPerformanceSecurityUsedefaultenterprisepolicysettingsUsecustomenterprisepolicysettingsUsethisenterprisepolicy:EnterprisePolicy1Allowarray-levelaccessrulesthatrestrictenterprisepolicySelectthisoptiontoallowarray-levelsettings.CachArrayRoutingProtocol
Internetarray.dll?Get.Info.v1
WebProxyClientServer2Server1Server3Server4Server5Server1Server2
Server3
Server4Server5
ArrayMembershipListConfiguringCARP(CacheArrayRoutingProtocol)LONDONPropertiesOKCancelAdd…ApplyGeneralOutgoingWebRequestsIncomingWebRequestsPoliciesAutoDiscoveryPerformanceSecurityUsethesamelistenerconfigurationforallinternalIPaddresses.ConfigurelistenersindividuallyperIPaddressIdentificationEnableSSLlistenersServer IPAddress DisplayN… Authentic… ServerC…LONDON <Allinter… IntegratedRemoveEdit…TCPport: 8080SSLport: 8443Configure…AskunauthenticatedusersforidentificationResolverequestswithinarraybeforeroutingConnectionsConnectionsettingsSelecttoenableCARP.LONDONPropertiesOKCancelApplyGeneralArrayMembershipsUsethisIPaddressforintra-arraycommunication:Intra-arraycommunication131.107.3.1Find…Specifytheloadfactorforthisserver.Thisnumberindicatesthe
relativecacheavailabilityofthisservercomparedtotherestofthearraymembers:LoadFactor100ISA的客戶端管理3種客戶端類型WebProxyClientSecureNATClientFirewallClientInternetISAServerSecureNATClient Donotrequireyoutodeployclientsoftwareorconfigureclientcomputers.FirewallClientAllowInternetaccessonlyforauthenticatedusers.WebProxyClientImprovetheperformanceofWebrequestsforinternalclients.配置WebProxy客戶端SelecttheUseaproxyservercheckbox.TypetheportnumberinthePortbox,andthenclickOK.13LocalAreaNetwork(LAN)SettingsAutomaticconfigurationOKCancelAutomaticconfigurationmayoverridemanualsettings.Toensure
theuseofmanualsettings,disableautomaticconfiguration.AutomaticallydetectsettingsUseautomaticconfigurationscript008080
ProxyServerUseaproxyserverAddress:Port:BypassproxyserverforlocaladdressesTypetheIPaddressornameoftheISAServercomputerintheAddressbox.2ISAServer–Microsoft’sFirewall
ISAServer結(jié)構(gòu)zWebProxy
ClientSecureNAT
ClientFirewall
ClientLocal
Area
NetworkWebProxyServiceFirewall
ServiceWebFilterPacketFilteringThirdPartyFilterStreamingFilterSMTPFilterH.323FilterFTPFilterCacheInternetNAT
DriverHTTP
Redirector帶寬控制機(jī)制用來控制網(wǎng)絡(luò)的使用情況通過如下方式控制帶寬使用分級帶寬控制規(guī)那么帶寬控制機(jī)制能做什么限制多媒體信息在整個(gè)帶寬中的百分比授予指定的用戶更高的優(yōu)先級ISAServerAlertEventsISAManagementAction ViewTreeName Description Server EventInternetSecurityandAccelerationServer ServersandArrays LONDON Monitoring Computer AccessPolicy SiteandContentRules ProtocolRules IPPacketFilters Publishing BandwidthRules PolicyElements CacheConfiguration MonitoringConfiguration Alerts Logs ReportJobs Extensions ApplicationFilters WebFilters NetworkConfiguration ClientConfiguration H.323GatekeepersAlertactionfailure Theactionassociatedwiththisalertfa… PHOENIX AlertactionfailureCachecontainerinitializationerror Thecachecontainerinitializationfaile… PHOENIX CachecontainerinitializationCachecontainerrecoverycomplete Recoveryofasinglecachecontainer… PHOENIX Cachecontainerrecovery…Cachefileresizefailure Theoperationtoreducethesizeofthe… PHOENIX CachefileresizefailureCacheinitializationfailure TheWebcacheproxywasdisabledto… PHOENIX CacheinitializationfailureCacherestorationcompleted Thecachecontentrestorationwasco… PHOENIX CacherestorationcompletedCachewriteerror Therewasafailureinwritingcontent… PHOENIX CachewriteerrorCachedobjectdiscarded Duringcacherecovery,anobjectwith… PHOENIX CacheobjectdiscardedComponentloadfailure Failedtoloadanextensioncomponent… PHOENIX ComponentloadfailureConfigurationerror Anerroroccurredwhilereadingconfig… PHOENIX ConfigurationerrorDial-on-demandfailure Failedtocreateadial-on-demandcon… PHOENIX Dial-on-demandfailureDNSintrusion Ahostnameoverflow,lengthoverflow… PHOENIX DNSintrusionEventlogfailure Anattempttologtheeventinformaito… PHOENIX EventlogfailureFirewallcommunicationfailure Thereisafailureincommunicationbet… PHOENIX Client/servercommunica..Intrusiondetected Anintrusionwasattemptedbyanexte… PHOENIX IntrusiondetectedInvaliddial-on-demandcredentials Dial-on-demandcredentialsareinvalid PHOENIX Invaliddial-on-demandcr..InvalidODBClogcredentials Thespecifiedusernameorpassword… PHOENIX InvalidODBClogcredent…IPpacketdropped IPpacketwasdro
溫馨提示
- 1. 本站所有資源如無特殊說明,都需要本地電腦安裝OFFICE2007和PDF閱讀器。圖紙軟件為CAD,CAXA,PROE,UG,SolidWorks等.壓縮文件請下載最新的WinRAR軟件解壓。
- 2. 本站的文檔不包含任何第三方提供的附件圖紙等,如果需要附件,請聯(lián)系上傳者。文件的所有權(quán)益歸上傳用戶所有。
- 3. 本站RAR壓縮包中若帶圖紙,網(wǎng)頁內(nèi)容里面會(huì)有圖紙預(yù)覽,若沒有圖紙預(yù)覽就沒有圖紙。
- 4. 未經(jīng)權(quán)益所有人同意不得將文件中的內(nèi)容挪作商業(yè)或盈利用途。
- 5. 人人文庫網(wǎng)僅提供信息存儲(chǔ)空間,僅對用戶上傳內(nèi)容的表現(xiàn)方式做保護(hù)處理,對用戶上傳分享的文檔內(nèi)容本身不做任何修改或編輯,并不能對任何下載內(nèi)容負(fù)責(zé)。
- 6. 下載文件中如有侵權(quán)或不適當(dāng)內(nèi)容,請與我們聯(lián)系,我們立即糾正。
- 7. 本站不保證下載資源的準(zhǔn)確性、安全性和完整性, 同時(shí)也不承擔(dān)用戶因使用這些下載資源對自己和他人造成任何形式的傷害或損失。
最新文檔
- 《冰川速效救心滴丸活血化瘀作用的實(shí)驗(yàn)研究》
- 職場溝通與制作技巧
- 《基于砂濾附著物接種的生物濾池完全氨氧化啟動(dòng)特性研究》
- 《兩周高強(qiáng)度間歇運(yùn)動(dòng)對久坐女大學(xué)生抑制控制、工作記憶功能和運(yùn)動(dòng)皮層可塑性的影響》
- 《UiO-66基復(fù)合材料的制備及其選擇性催化氧化H2S性能研究》
- 《時(shí)間管理傾向、學(xué)業(yè)延遲滿足、未來時(shí)間洞察力與學(xué)業(yè)拖延的關(guān)系研究》
- 2024-2030年中國汽車保險(xiǎn)杠行業(yè)供需預(yù)測及投資戰(zhàn)略分析報(bào)告
- 護(hù)理課程設(shè)計(jì)思路
- 2024-2030年中國柑橘酮境外融資報(bào)告
- 2024-2030年中國機(jī)械停車設(shè)備行業(yè)發(fā)展分析及前景規(guī)劃研究報(bào)告
- 碳匯潛力評估
- 2024年江蘇省鹽城市大數(shù)據(jù)產(chǎn)業(yè)園(數(shù)夢小鎮(zhèn))管理辦公室招聘4人公開引進(jìn)高層次人才和急需緊缺人才筆試參考題庫(共500題)答案詳解版
- MOOC 藥物代謝動(dòng)力學(xué)-中國藥科大學(xué) 中國大學(xué)慕課答案
- 水利工程運(yùn)維水利工程運(yùn)行和日常維修養(yǎng)護(hù)方案
- 爬墻機(jī)器人設(shè)計(jì)-機(jī)器人結(jié)構(gòu)設(shè)計(jì)+外文翻譯
- 2024年哈爾濱鐵道職業(yè)技術(shù)學(xué)院單招職業(yè)技能測試題庫及答案解析
- 鄉(xiāng)村內(nèi)碳排放量計(jì)算方法
- 中職電子專業(yè)課課程標(biāo)準(zhǔn)
- 科研思路與方法智慧樹知到期末考試答案2024年
- 教科版小學(xué)科學(xué)二年級上冊《科學(xué)閱讀》教案教學(xué)設(shè)計(jì)
- 蘇教版數(shù)學(xué)六年級上冊口算題大全(全冊各類完整)
評論
0/150
提交評論