لطفا منتظر باشید ...
Lesson 1 Creating a Basic Cache Policy with Routing Rules
In its function as a cache server, ISA Server improves network performance by maintaining a cache of frequently requested Web objects. Creating a cache policy entails configuring routing rules, cache configuration properties, and optionally, access policy and publishing rules. This lesson presents an overview of how to configure a cache policy and focuses on the most basic aspect of this process—creating routing rules.
After this lesson, you will be able to
Describe how ISA Server determines whether to retrieve a requested object from the cache or from its specified location
Create a routing rule that determines how ISA Server should handle client requests for Web objects
Estimated lesson time: 40 minutes
How Caching Works
ISA Server maintains a cache of frequently requested Hypertext Transfer Protocol (HTTP) and File Transfer Protocol (FTP) objects. Whenever ISA Server receives a request for Web or FTP content, ISA Server attempts to fulfill the client request from the cache. If the request cannot be fulfilled from the cache, the ISA Server computer initiates a new request on behalf of the client. Depending on how you set up routing rules, you can configure ISA Server to cache external content for outgoing requests (forward caching), internal content for incoming requests (reverse caching), or both. Once the destination Web or FTP server responds to the ISA Server computer, the ISA Server computer caches the response to the original client request and sends a response to the client.
ISA Server includes an HTTP redirector filter, which allows both firewall and SecureNAT clients to benefit from the caching features. When the HTTP redirector is enabled, Web requests from Firewall and SecureNAT clients can both be cached.
If ISA Server is installed in Firewall mode, it does not maintain a cache.
Processing Caching Rules
ISA Server consults both cache configuration properties and routing rules to determine whether to retrieve a requested object from its cache or to retrieve it from another server.
Cache Configuration Properties
Cache configuration properties refer to the set of configurable options available on the Cache Configuration Properties dialog box. These options include setting the expiration policy (TTL parameters for objects in the cache), the active caching policy, the maximum size of objects in the cache, the maximum size of Uniform Resource Locators (URLs) cached in memory, and the percentage of available memory to use for caching.
As shown in Figure 5.1, you can access the Cache Configuration Properties dialog box either by right-clicking the Cache Configuration node and selecting Properties, or by selecting the Cache Configuration node and clicking the Configure Cache Policy icon in Taskpad view.
Cache configuration properties are discussed in detail in Lesson 2 of this chapter.
Figure 5.1 Accessing cache configuration properties
Routing Rules
The most basic aspect of creating a cache policy is to configure routing rules that specify when ISA Server should cache content and when ISA Server should retrieve content from the cache. Routing rules can be configured in ISA Management through the Network Configuration node.
When to Cache Content
Routing rules are responsible for storing retrieved objects in the cache. When you create a new routing rule, you can specify whether to store all retrieved objects (including dynamic content) in the cache, to store retrieved objects only when the source and request headers indicate to cache, or never to store retrieved objects in the cache. ISA Server's default routing rule caches content only when the source and request headers indicate to cache, and the cache properties for this rule cannot be modified. To enable ISA Server to store all content in the cache, you must create a new routing rule.
When to Retrieve Objects from the Cache
By using routing rules, you can specify when ISA Server should answer a Web request by consulting the cache and when to forward the request to an upstream server. When defining a new routing rule, you may configure ISA Server to retrieve the requested object from the cache only when a non-expired version of the object exists in the cache, and to route the request upstream when none exists; to retrieve any version of the requested object, and to route the request upstream when none exists; or to retrieve any version of the object and never to route the request.
The default routing rule specifies that ISA Server should route the request unless ISA Server can retrieve a valid version of the requested object from the cache. Since you cannot modify the caching properties of the default routing rule, you must create a new rule if you want to change how and when ISA Server retrieves content from the cache.
Applying Routing Rules to Particular Destinations
A routing rule will apply to a given request when the destination of the request matches the specified destination of a routing rule. You can configure a routing rule for all destinations, for all internal destinations, for all external destinations, for a specific destination set, or for all destinations except a specific destination set. This flexibility allows you to configure separate caching behavior for forward and reverse caching, or to configure caching behavior specific to any particular destination.
Reverse caching is configured by routing rules that specify internal destinations.
Follow these steps to create a routing rule:
In the console tree of ISA Management, right-click the Routing folder, point to New, and then click Rule.
In the New Routing Rule wizard, type the name of the routing rule, and then click Next.
On the Destination Sets screen, select the type of destination or the destination set to which the rule should apply, and then click Next.
On the Request Action screen, select how ISA Server should route client requests: directly from the specified destination, from an upstream server, or from a hosted site. You can also specify if a dial-up entry should be used.
On the Cache Retrieval Configuration screen, specify whether ISA Server should look in its cache for the requested object.
On the Cache Content Configuration screen, specify when objects should be cached.
Once you create a new routing rule, you can later reconfigure the cache properties for that rule, as shown in Figure 5.2.
Figure 5.2 Routing rule properties for caching
Follow these steps to modify caching properties for an existing routing rule:
In the console tree of ISA Management, click the Routing folder.
In the details pane, right-click the applicable routing rule, and then click Properties. (You must select a rule other than the default rule.)
On the Cache tab, select one of the following options contained in the Search Cache For section:
If the object should be retrieved from the cache only if the object is available and has not expired, click the A Valid Version Of The Object; If None Exists, Retrieve The Request Using The Route Defined On The Action Tab radio button. This option will route the request upstream when no valid (non-expired) version of the object exists in the cache.
If the object should be retrieved from the cache whenever any version of the object is available, click the Any Version Of The Object; If None Exists, Retrieve The Request Using The Route Defined On The Action Tab radio button. This option will route the request upstream when no version of the object (valid or not) exists in the cache.
If the object should be retrieved only if it is in the cache, click the Any Version Of The Requested Object In The Cache, Never Route The Request radio button. This option will never route requests upstream.
On the Cache tab, select one of the following options contained in the Cache Content section:
If you want all content to be cached, select the All Content, Including Dynamic Content, Will Be Cached radio button.
If you want content to be cached only if source and request headers indicate to cache, select the If Source And Request Headers Indicate To Cache, Then The Content Will Be Cached radio button.
If retrieved objects should not be cached, select the No Content Will Ever Be Cached radio button.
Follow these steps to configure how routing rules retrieve requests:
In the console tree of ISA Management, click the Routing folder.
In the details pane, right-click the applicable routing rule, and then click Properties.
On the Action tab, select one of the following options:
To retrieve the requested object directly from the Internet, click the Retrieving Them Directly From The Specified Destination radio button.
If an upstream server should service the request, click the Routing Them to A Specified Upstream Server radio button and configure the primary and backup route.
If the request should be redirected to a different computer, click the Redirecting Them to A Hosted Site radio button and configure the site, port, and Secure Sockets Layer (SSL) port.
(Optional) If you route the request directly to the specified destination or to an upstream server, and if you want to use a dial-up connection as the primary route for the request, click the Use Dial-up Entry For Primary Route check box. Choosing this option will enable auto-dial capability from Web Proxy clients.
(Optional) If you select to route the request directly to an upstream server, and you want to specify a dial-up connection as a backup route, click the Use Dial-up Entry For Backup Route check box.
Routing rules also determine whether the results from a request will be cached, and whether to cache dynamic content as well as non–dynamic content. In ISA Server, an object with dynamic content is one that contains a question mark (?) in its address.
Routing rules can be applied either to all request destinations, to all internal destinations, to all external destinations, to a specified destination set, or to all destinations except a specified destination set.
Follow these steps to specify the destination for a routing rule:
In the console tree of ISA Management, click the Routing folder.
In the details pane, right-click the applicable routing rule, and then click Properties.
On the Destinations tab, click one of the following destinations to which the routing rule applies.
All Destinations
All External Destinations
All Internal Destinations
Selected Destination Set
All Destinations Except Selected Set
If you chose Selected Destination Set or All Destinations Except Selected Set, in the Name drop-down list box, select a destination set.
If the destination set that you want to specify does not exist, you can click New to create it, and then later select it from the list in the Name field.
You can see all of the ISA Server routing rules by selecting the Routing folder under the Network Configuration node in ISA Management and viewing the details pane.
Rule Order
Routing rules are ordered, with the default routing rule processed last. For each new connection, the ISA Server computer processes the routing rules in order from first to last. If the request matches the conditions specified by the rule, the request is routed, redirected, and cached accordingly. Otherwise, the next rule is processed. This continues until the last rule (the default rule) is processed and applied to the request.
Follow these steps to change the order of a routing rule:
In the console tree of ISA Management, click the Routing folder.
In the details pane, right-click the rule whose order you want to change, and then click Move Up or Move Down. Two rules plus the default rule must be present for the Move Up and Move Down options to appear.
Repeat as necessary to arrange the rules in the desired order.
You cannot change the position of the default rule.
Default Routing Rule
When you install ISA Server, it configures a default routing rule. The default rule is initially configured so that a non-expired, cached version of a requested object is retrieved if one exists. If a valid object is not in the cache, the default rule specifies that the object should be retrieved directly from the Internet. It is important to note that the default routing rule specifies that dynamic content should not be cached.
The default routing rule is processed last. You can modify the properties on the Action tab of the Default Rule Properties dialog box, and you can modify how the rule redirects outgoing Web requests (Bridging tab), but you cannot delete the default routing rule.
Processing Flow for Caching
Figure 5.3 illustrates the processing flow for caching objects. The figure illustrates how ISA Server analyzes routing rules, cache configuration, and existing cache content to determine whether an object should be retrieved from the cache.
Figure 5.3 Process flow for caching objects
If the user request is allowed, ISA Server checks to determine if the object exists in its cache. If the request is made to an array of ISA Server computers, the Cache Array Routing Protocol (CARP) algorithm is used to determine which server's cache should be checked. If the object is not in the cache, ISA Server checks the routing rule's action to determine how to route the request. If the object is in the cache, ISA Server performs the following steps:
ISA Server checks if the object is valid. The object is considered invalid if one of the following conditions is true:
The TTL specified in the source has expired.
The TTL that you configured in a scheduled cache content download job has expired.
The TTL that you configured for the object in the Cache Configuration Properties dialog box has expired.
If the object is valid, ISA Server retrieves the object from the cache and returns it to the user.
If the object is invalid, ISA Server checks the applicable routing rule. If you configured the routing rule cache properties to return any version of the object, ISA Server retrieves the invalid object from the cache.
If the routing rule is configured to route the request, ISA Server determines whether to route the request to the upstream server or to the requested Web server.
If the routing rule is configured to route the request to the Web server, ISA Server checks to determine if the Web server is accessible.
If the Web server is not accessible, ISA Server checks if you configured the server to return expired objects from the cache. If you elected to return the expired object, the object is returned from the cache to the user.
If the Web server is available, ISA Server determines if the object is cacheable. If so, and if you configured the routing rule's cache properties to cache the response, ISA Server caches the object and returns the object to the user.
Cache Filtering
By applying different routing rules to different destinations, you can configure ISA Server to cache content only from the destinations you choose. This effectively lets you filter which content will be cached.
For example, you might not want to cache objects from a particular Internet server, called example.microsoft.com. You can configure a routing rule with the following properties:
A destination set that includes example.microsoft.com.
A request action set to the applicable routing method.
The cache configured so that it never caches responses to the request. This ensures that content always comes straight from the source and is never outdated.
Additional Cache Policy
Some cache behavior may be determined by site and content rules and publishing rules.
When you install ISA Server in Cache mode, site and content rules add an access policy mechanism and security features to a cache-only scenario. The site and content rules limit which sites and Multipurpose Internet Mail Extensions (MIME) content can be accessed by specific Internet users and client computers.
Web publishing rules map requests from Internet clients to the appropriate Web server on the corporate network. Web publishing rules affect reverse caching behavior by determining which client address sets can access the cache and which servers can upload data to the cache.
Practice: Caching Dynamic Content
The cache properties of the default routing rule are not configurable, so to change the type of content that ISA Server caches, you need to create a new routing rule that always caches content. When this routing rule is applied to a request, it caches the results of the request regardless of whether the content is dynamic or non-dynamic.
To create a routing rule that always caches content
In ISA Management, navigate to Servers and Arrays, MyArray, Network Configuration, Routing.
Right-click the Routing folder, point to New, and then click Rule.The New Routing Rule wizard appears.
In the Routing Rule Name text box, type Cache Dynamic Content.
Click Next.The Destination Sets screen appears.
Leave the default as All Destinations, and then click Next.The Request Action screen appears.
Leave the default action as Retrieve Them Directly From Specified Destination, and then click Next.The Cache Retrieval Configuration screen appears.
Leave the default as A Valid Version Of The Object; If None Exists, Retrieve The Request Using The Specified Requested Action, and then click Next.The Cache Content Configuration screen appears.
Select the All Content, Including Dynamic Content, Will Be Cached radio button and then click Next.The Completing The New Routing Rule Wizard screen appears.
Click Finish.The Cache Dynamic Content routing rule appears in the details pane.
Lesson Summary
Though your complete cache policy in ISA Server includes cache configuration properties and, potentially, access policy and publishing rules, the routing rules you configure will determine what should be cached and when a request should be retrieved from the cache. This is the most fundamental aspect of your cache policy.
Routing rules, which are configured through the Network Configuration node in ISA Management, determine whether ISA Server will handle a request. Routing rules do one of the following:
Route the request upstream unless ISA Server can return a valid (non-expired) version of the requested object from the cache;
Route the request upstream unless ISA Server can return any version of the requested object (valid or not) from the cache; or
Route any version of the requested object from the cache and never routing the request.
Routing rules also determine when to cache content after a request is fulfilled: always, never, or only when both source and request headers indicate to cache.
Any routing rule you create can be applied to all destinations, to all internal destinations, to all external destinations, to a specific destination set, or to all destinations except a specific destination set. By applying different routing rules to different destinations, you can configure ISA Server to cache content only from the destinations you choose.
Routing rules are ordered, and the default routing rule is processed last. If a request matches the conditions specified by a rule, the request is routed, redirected, and cached according to that rule. Otherwise, the next rule is processed. The default routing rule is initially configured to handle Web requests so that requests are routed upstream unless a non-expired version of the requested object exists in the cache. In addition, the default routing rule only stores retrieved objects in the ISA Server cache when both source and request headers indicate to cache. Because these properties of the default routing rule cannot be changed, you must create new routing rules if you want to configure a customized cache policy.
