Before an ISA Server design can go into effect, it is ideal to test the design in an isolate d prototype lab environment. Setting up this type of environment helps to address any problems in advance of the deployment of the ISA servers to a production environment. This mitigates the inherent risks in the project, and can prove to be quite useful as a training tool and test bed for new rules and ISA settings.
Setting Up a Prototype Lab for ISA Server 2004
To set up an ISA Server 2004 prototype, it is important to simulate as closely as possible the way that the ISA server will be deployed and also set up any servers or components that will be tested. For example, if an ISA server is to be set up to secure MAPI access to Exchange mailbox servers, it would be necessary to restore those servers onto spare hardware in an isolated setting and then test the new ISA server against that environment.
The key to a successful prototype environment is closely linked to how it reflects the true production settings. In an ideal world, all servers and settings would be exactly matched in the prototype lab. In reality, however, the expense associated with such a comprehensive prototype environment would make the project cost prohibitive. What this means is that in most cases the prototype environment ends up being a partial reflection of the most critical services, which are then tested for functionality.
Emulating and Testing ISA Settings
The design process should have already created a design document that illustrates exactly how an ISA environment will be configured. Ideally, it will include information on individual ISA elements, such as server publishing rules and networks that need to be created. This information can be used to generate the various rules and settings that will be required to test the components in the prototype lab.
After all components are in place and the rules have been configured, testing against the ISA environment can take place. Ideally, the testing would involve emulating the steps a user would take to access the particular services or systems that are being protected by the ISA server. For example, it might include testing inbound OWA access across an ISA Server 2004 Publishing rule. After all types of access that can feasibly be tested are fully tested, the information gleaned from the prototype testing can be used to modify the design if necessary.
Exporting Prototype Lab Configs
One of the most advantageous features of ISA that greatly assists in prototype testing is the capability to export out individual ISA elements to XML files for import on other systems. This concept, useful for backups of the system, can also be used to export out "known good" configurations from a prototype lab and import them onto the actual production servers.
Ideally, a prototype lab would remain in place to test the functionality of new rules or configuration settings in the ISA environment. Anytime a change would need to be made, it could be easily created on the prototype ISA server, tested, exported to XML, and then imported onto a production server.