Microsoft Internet Security and Acceleration Server
Microsoft Forefront Threat Management Gateway (Forefront TMG), formerly known as Microsoft Internet Security and Acceleration Server (ISA Server), is a network security and protection solution for Microsoft Windows, described by Microsoft as "enables businesses by allowing employees to safely and productively use the Internet for business without worrying about malware and other threats".
Features
Microsoft Forefront TMG offers a set of features which include:
- Routing and remote access features: Microsoft Forefront TMG can act as a router, an Internet gateway, a virtual private network (VPN) server, a network address translation (NAT) server and a proxy server.
- Security features: Microsoft Forefront TMG is a firewall which can inspect network traffic (including web contents, secure web contents and emails) and filter out malware, attempts to exploit security vulnerabilities and content that does not match a predefined security policy. In a technical sense, Microsoft Forefront TMG offers application layer protection, stateful filtering, content filtering and anti-malware protection.
- Network performance features: Microsoft Forefront TMG can also improve network performance: it can compress web traffic to improve communication speed. It also offers web caching: it can cache frequently accessed web contents so that users can access them faster from the local network cache. Microsoft Forefront TMG 2010 can also cache data received through Background Intelligent Transfer Service, such as updates of software published on the Microsoft Update website.
Microsoft Proxy Server
The Microsoft Forefront Threat Management Gateway product line originated with Microsoft Proxy Server. Developed under the code-name "Catapult", Microsoft Proxy Server v1.0 was first launched in January 1997, and was designed to run on Windows NT 4.0. Microsoft Proxy Server v1.0 was a basic product designed to provide Internet access for clients in a LAN environment via TCP/IP. Support was also provided for IPX/SPX networks (primarily used in legacy Novell NetWare environments), through a WinSock translation/tunnelling client which allowed TCP/IP applications, such as web browsers, to operate transparently without any TCP/IP on the wire. Although well-integrated into Windows NT4, Microsoft Proxy Server v1.0 only had basic functionality, and came in only one edition. Extended support for Microsoft Proxy Server v1.0 ended on 31 March 2002.
Microsoft Proxy Server v2.0 was launched in December 1997, and included better NT account integration, improved packet filtering support, and support for a wider range of network protocols. Microsoft Proxy Server v2.0 exited the extended support phase and reached End of Life on 31 December 2004.
ISA Server 2000
On 18 March 2001, Microsoft launched Microsoft Internet Security and Acceleration Server 2000 (ISA Server 2000). ISA Server 2000 introduced the Standard and Enterprise editions, with Enterprise-grade functionality such as High-Availability Clustering not included in the Standard Edition. ISA Server 2000 required Windows 2000 (any edition), and will also run on Windows Server 2003. In accordance with Microsoft's Support Lifecycle Policy, ISA Server 2000 was the first ISA Server product to use the 10-year support lifecycle, with five years of Mainstream support and five years of Extended support. ISA Server 2000 reached End of Life on 12 April 2011.
ISA Server 2004
Microsoft Internet Security and Acceleration Server 2004 (ISA Server 2004) was released on 8 September 2004. ISA Server 2004 introduced multi-networking support, integrated virtual private networking configuration, extensible user and authentication models, application layer firewall support, Active Directory integration, SecureNAT, and improved reporting and management features. The rules-based configuration was also considerably simplified compared with the ISA Server 2000 version.
ISA Server 2004 Enterprise Edition included array support, integrated Network Load Balancing (NLB), and Cache Array Routing Protocol (CARP). One of the core capabilities of ISA Server 2004, dubbed Secure Server Publishing, was its ability to securely expose an organization's internal servers to the Internet. For example, some organizations use ISA Server 2004 to publish their Microsoft Exchange Server services such as Outlook Web Access (OWA), Outlook Mobile Access (OMA) or ActiveSync. Using the Forms-based Authentication (FBA) authentication type, ISA Server can be used to pre-authenticate web clients so that traffic from unauthenticated clients to published servers is not allowed.
ISA Server 2004 is available in two editions, Standard and Enterprise. Enterprise Edition contains features enabling policies to be configured on an array level, rather than on individual ISA Servers, and load-balancing across multiple ISA Servers. Each edition of ISA Server is licensed per processor. (The version included in Windows Small Business Server 2000/2003 Premium includes licensing for 2 processors.)
ISA Server 2004 runs on Windows Server 2003 Standard or Enterprise Edition. Appliance hardware containing Windows Server 2003 Appliance Edition and ISA Server Standard Edition is available from a variety of Microsoft Partners.
ISA Server 2006
Microsoft Internet Security and Acceleration Server 2006 (ISA Server 2006) was released on 17 October 2006. It is an updated version of ISA Server 2004, and retains all features from ISA Server 2004 except Message Screener.
ISA Server Appliance Edition
Microsoft also offers ISA Server 2006 Appliance Edition, software designed to be pre-installed onto OEM hardware that is sold by the hardware manufacturer as a stand-alone firewall-type device.
Microsoft Forefront TMG MBE
Microsoft Forefront Threat Management Gateway Medium Business Edition (Forefront TMG MBE) is the next version of ISA Server, which is also included with Windows Essential Business Server. This version only runs on the 64-bit edition of Windows Server 2008 and does not support Enterprise edition features such as array support or Enterprise policy.
Microsoft Forefront TMG 2010
Microsoft Forefront Threat Management Gateway 2010 (Forefront TMG 2010) was released on 17 November 2009. It is built on the foundation of ISA Server 2006 and provides enhanced web protection, native 64-bit support, support for Windows Server 2008 and Windows Server 2008 R2, malware protection and BITS caching. Service Pack 1 for this product was released on 23 June 2010. It includes several new features to support Windows Server 2008 R2 and Microsoft SharePoint 2010 lines of products. Service Pack 2 for this product was released on 10 October 2011.
See also
- Windows Server System
- Microsoft Forefront
- Microsoft Forefront Unified Access Gateway