Although ISA Server has only recently begun to gain wide industry acceptance, it actually has a long history relative to other computer products. The original version of this product, Proxy Server 1.x/2.x, was geared more toward web caching and proxy capabilities, but newer versions, namely ISA Server 2000 and the subsequent 2004, have stressed and focused on the security aspects of the product, improving them and adding functionality. To better understand where ISA Server is today, it is important to get a better understanding of how it got where it is.
Outlining Initial Microsoft Security Solutions
In the early days of networking, before the wide acceptance of the Internet, the focus of security was more directed toward making sure that files and folders on a network were kept safe from prying eyes. Communications between computers were deliberately built to be open and extensible, to facilitate the transfer of information between the devices on the network. As networking evolved, these networks became more and more interconnected, often to other networks that could not be trusted, such as the Internet in general. To protect computers from access via these outside networks, devices known as firewalls were placed between the untrusted and trusted networks to block access from the former to the latter.
While this was occurring, Microsoft products were changing and evolving to match the computing needs of the time, and focus was placed on making Microsoft products embrace the Internet. Focus was put on the need to provide enhanced access for clients to the Internet. As a direct result of this, the development of a product to provide web proxy capabilities to Microsoft clients took shape.
Exploring a New ProductProxy Server
In 1996, the Internet browser wars between the Netscape Navigator product and Microsoft's Internet Explorer were in full swing, and Microsoft was constantly looking for ways to improve the capabilities of Internet Explorer. Netscape had begun to sell a web proxy product, which optimized Internet web browsing by caching the images and text from web pages to local servers, enabling clients to access them quickly. At this time, connections to the Internet were much more expensive, relatively speaking, and the need to take full advantage of the bandwidth provided to an organization created the need for products to optimize these connections.
In direct response to these needs, Microsoft released the first version (1.0) of Proxy Server, a new product to provide web proxy capabilities for clients. The capabilities of version 1.0 of the product were significantly less than those of the Netscape or other proxy products available at this time, however, and industry support for the product was lacking.
Following closely on the release of version 1.0 was the 2.0 version, which equalized many of the disparities between Microsoft's Proxy Server product and the competitors. Proxy Server 2.0 introduced the capability to create arrays of servers for redundancy and provided support for HTTP 1.1 and FTP. In addition, the capability to "reverse-proxy" was added, protecting internal web servers by acting as a bastion-host, or first layer of defense for untrusted traffic. The release of this version of the product was much more successful, and the Proxy Server product celebrated much wider industry acceptance as a web caching and reverse-proxy product.
Unleashing a New Model: the Internet Security and Acceleration Server 2000
Although Proxy Server 2.0 provided for a wide array of Security features, it did not enjoy broad industry acceptance as a security device for one reason or another. Microsoft wanted to focus more attention on the product's security capabilities, so it added more to the 3.0 version, and rebranded it as the Internet Security and Acceleration (ISA) Server 2000. This rebranding directed attention to its security capabilities, while still giving a nod to the web acceleration component, the caching capabilities.
ISA Server 2000 introduced an impressive new array of features, nearly all of which focused on turning it into a full-functioned security device. This version of the product was the first that marketed it as a firewall by and of itself. It was this claim that was greeted with skepticism by the security community, given the somewhat shaky track record that Microsoft products had at that time.
The politics of the security community being what they were, ISA Server 2000 faced an uphill battle for acceptance. In addition, deficiencies such as the lack of multi-network support, confusing firewall rules, and a haphazard interface limited the large-scale deployment of ISA 2000.
Unveiling the Next Generation: ISA Server 2004
While ISA Server 2000 was slowly gaining ground, the ISA Server team started work on the next version, codenamed Stingray. The result of this project was the product released as the Internet Security and Acceleration Server 2004. This version of ISA is vastly improved over the previous versions of the product, and it quickly became noticed in the wider security community. In addition to fine-tuning and honing the capabilities it inherited from ISA Server 2000, ISA Server 2004 introduced a wide variety of new and improved security features that further extend its capabilities.
What's extremely important to note about ISA Server 2004 is that it is one of the first security products released by Microsoft that has really been taken seriously by the broader Internet Security community. ISA Server 2004 is a full-fledged Internet firewall, with Virtual Private Network (VPN) and web caching capabilities to boot. The debate between pro-Microsoft and anti-Microsoft forces is far from over, but politics aside, the product that has been released is an impressive one.