After the base operating system has been deployed and configured, the task of installing the ISA Server 2004 software itself can take place. Although the initial installation procedure is relatively straightforward, several factors must be taken into account before you begin.
Reviewing ISA Software Component Prerequisites
Several components of ISA Server can be selected for installation during the setup process. These components are optional, depending on the role that the ISA server is to perform. Because it is always best to configure security with an eye toward reducing the overall security exposure, these components should be installed only if they are necessary for the functionality of the ISA Server. The less than that is installed, the ISA server exposes less of a "signature" to the Internet. Just as design engineers for war planes limit what is installed on aircraft to reduce the overall radar signature, so too should ISA be configured with only those features enabled that are absolutely required.
The following components make up the core of ISA Server features and can be installed as options during the setup process:
Firewall Services This component contains all the key firewall functionality that controls and validates traffic sent across networks. It is almost always installed, unless only the management tools are being installed on a different machine.
Advanced Logging Choosing Advanced Logging installs the Microsoft Desktop/Data Engine (MSDE) to provide a database for the ISA logs. This makes it much easier to generate reports and to view log information and is a recommended option.
ISA Server Management The ISA Server Management tools simply install the ISA Management Console, which is normally installed on an ISA server. This component can also be separate from the ISA server to allow for remote management.
Firewall Client Installation Share The Firewall Client Installation Share creates a file share on the server that clients in the network use to install the full ISA Firewall client. The Firewall client is not heavily utilized, and if it is, it is better practice to install this component on a file server, so it is generally not recommended to install this component.
Message Screener The Message Screener component utilizes the local SMTP service on the ISA server for advanced SMTP scanning and content inspection of mail messages in ISA. The SMTP Service must be installed for this component to operate. As previously discussed in the section titled "Installing the Optional Message Screener Components," it is generally not common to install this unless no other SMTP scanning component is in place in the organization.
As soon as the various components have been reviewed, installation of ISA Server can begin.
Installing ISA Server 2004 Standard Edition
The installation process for ISA Server 2004 is not complex, but it requires some general knowledge of the various steps along the way to ensure that the services and functionality are properly configured.
The procedure outlined in this chapter covers installation of the Standard version of ISA Server 2004. For the procedure to install the Enterprise version, refer to Chapter 6.
To begin the ISA Server 2004 installation, perform the following steps:
Insert the ISA Server 2004 Standard media into the CD-ROM Drive (or install from a network location).
From the dialog box shown in Figure 2.10, click on Install ISA Server 2004.
Figure 2.10. Installing ISA Server 2004 Standard Edition.
At the Welcome screen click Next to continue.
Read the license agreement and select I Accept the Terms in the License Agreement if they are acceptable. Click Next.
Enter a username and an organization name into the fields on the Customer Information screen. In addition, enter the product serial number and then click Next to continue.
The following screen allows for several installation options: Typical, Complete, and Custom. A Typical installation includes all ISA options except the Firewall Client Installation Share and the Message Screener. A Complete installation includes all options. A Custom installation allows for the exclusion or inclusion of multiple ISA components.
Under type of installation, choose Custom and click Next to continue.
Under the Custom Setup options, as shown in Figure 2.11, review the installation features and choose which ones correspond to the functionality that the server will utilize. To add or remove components, click on the down-arrow key and choose This Feature, and All Subfeatures, Will Be Installed on Local Hard Drive.
Figure 2.11. Performing a custom installation.
After the features have been chosen, click Next to continue.
The next installation dialog box enables administrators to specify which network belongs to the internal network range, so that the appropriate network rules can be created. If this is an ISA server with a single NIC, then all IP addresses can be set up here. If it is a multi-NIC server, then it is appropriate to enter the proper IP range in this dialog box via the following procedure:
Click the Add button.
Enter the range or ranges of IP addresses that constitute the internal network range within the organization, similar to what is shown in Figure 2.12.
Figure 2.12. Specifying the internal network range.
Click Add to move the entered range into the field.
The Select Network Adapter button can be useful for automating this process. It detects the range in which a network adapter is installed and automatically adds it to the list.
Repeat for any additional internal IP ranges and click OK to continue.
Review the internal ranges in the next dialog box and click Next to continue.
The subsequent dialog box offers a setting that enables older ISA 2000 Firewall clients to connect to and use the ISA Server 2004 environment. This setting is relevant to only those organizations with a previously deployed ISA 2000 environment that made use of the Firewall client and have not upgraded that client in advance of server setup. It is not recommended to enable this setting; it reduces the overall security of the ISA environment. For more information on the Firewall client, reference Chapter 11. To continue, do the following:
Do not check the check box and click Next to Continue.
Review the list of services that will be stopped during the migration and click Next to continue.
Click Install to begin the installation process.
Click Finish when the wizard completes the setup process.
Close the Internet Explorer window that pops up automatically. This window prompts for the installation of ISA updates, which will be performed in later steps. Close all other dialog boxes as necessary.