Designing ISA Server 2004 for Organizations of Varying Sizes
Every organization has different needs, and the fact that ISA fits into so many roles means that there are vast numbers of ISA server deployment scenarios. That said, certain typical best practice ISA Server deployment options are commonly seen in many organizations. These deployment options tend to be seen in organizations of specific sizes. To better illustrate this concept, three sample organizations of varying sizes are illustrated in this section to give an example of how ISA is often used today.
Examining an ISA Server 2004 Deployment for a Small Organization
CompanyABC is a 30-person law firm with an office in Minneapolis, MN. All local workstations run in a single, switched network at the office. Several remote users require access to resources in the office from home and while traveling. Often, clients visiting the offices request wireless Internet access, and employees request similar functionality.The ISA design that CompanyABC deployed, illustrated in Figure 4.4, incorporates a single ISA Server 2004 Standard server as the edge firewall for the organization.
Figure 4.4. Examining an ISA deployment at a small organization.
Examining an ISA Server 2004 Deployment for a Midsized Organization
OrganizationY is a city government in the state of Hawaii. With 2000 employees, the city IT department must manage not only external threats, but internal viruses and exploits that often crop up on city desktops and laptops. The city needed to secure its farm of servers, but still maintain functionality for clients on the network.OrganizationY deployed a single ISA Server 2004 Standard Edition server with six network cards, as illustrated in Figure 4.5. Each network card is attached to a separate physical network within the organization as follows:InternetDMZ networkWireless access networkFirst floor client networkSecond floor client networkServer network
Figure 4.5. Examining an ISA deployment at a midsized organization.
Examining an ISA Server 2004 Deployment for a Large Organization
CompanyA is a large financial services organization with 20,000 employees distributed among three major sites in New York, Tokyo, and Paris. CompanyA has had trouble in the past securing and auditing access to their email services. When the decision was made to upgrade their existing Exchange 5.5 environment to Exchange Server 2003, a design process was followed to further secure the environment within the confines of the existing network and security infrastructure. The results of this design are reflected in Figure 4.6.
Figure 4.6. Examining an ISA deployment at a large organization.
[View full size image]