ISA Server 2004 has a long history of providing web proxy access to network clients. In fact, the original name of the product, before it was rechristened as the Internet Security and Acceleration Server, was Proxy Server 1.x/2.x. The Proxy Server component of ISA is still strong and robust, but it has been overshadowed by the strong emphasis on the firewall and security aspects of the application. This should not detract from the fact that ISA still provides for excellent web and FTP proxy capabilities through its content caching technologies.
The "acceleration" in the title of ISA Server 2004 refers to these capabilities. Web caching enables web and FTP browsing to be optimized because local copies of commonly accessed files are stored on the server. They are downloaded only once and then made available to multiple clients. This improves the response time of web browsing and decreases an organization's overall bandwidth needs.
Improving Web Access by Caching Content
The concept of content caching is not overly complex, and the key to its success lies in its simplicity. Content caching works by saving local copies of web data on the hard drive of the caching server and making that information available to the next clients that request the same information from the same site.
The example shown in Figure 8.1 serves as an illustration: If Client1, configured to use ISAServer1 as a proxy server, were to browse to the home page of www.microsoft.com and www.cco.com, ISAServer1 would first check whether it had a recent local copy of the websites accessed. If it did not, it would then initiate an HTTP GET request directly to the www.cco.com and www.microsoft.com websites. When the websites return the text and images associated with the site to ISAServer1, the server keeps a local copy and then forwards the information back to the requesting Client1.
Figure 8.1. Understanding the ISA Server content caching process.
Later, Client2 requests information from the websites of www.cco.com and www.samspublishing.com. The ISA Server checks the local cache and finds that it already has a recent copy of www.cco.com, so it forwards this information directly to Client2. Because the www.samspublishing.com information is not stored locally, however, the server goes through the requesting process again and subsequently stores this information locally so that it is available for the next client that requests it.
Protecting and Monitoring Client Web Access
In the early days of proxy servers, the goal of the server was to reduce the amount of total Internet bandwidth consumed by web browsing. Bandwidth was more expensive, comparatively speaking, and many organizations looked to proxy server solutions to save on the expense of maintaining an Internet connection.
Although bandwidth savings are still a potential reason for deploying a proxy server, bandwidth costs have become less of a factor, and client security and control have become more of a factor. What organizations have found is that having a dedicated proxy server enables all communications from clients to external websites to be monitored and controlled.
A welcome side effect of using ISA Server 2004 to provide proxy server functionality is that clients avoid making direct connections from the internal network to the Internet. Best-practice security design stipulates that client workstations (which are more vulnerable to attack, spyware and virus infection, and other exploits) should not have direct, unsupervised access out to an untrusted network such as the Internet.
By funneling all client web traffic through the ISA Server for proxy functionality, organizations have newfound control over monitoring, filtering, and protecting client web and FTP traffic. This also allows for highly functional third-party proxy add-ons that provide for intelligent filtering of client traffic to block access to particular types of websites and/or scanning of the traffic for viruses, exploits, and spyware.
Pre-downloading Commonly Used Content
ISA Server 2004's content caching includes the capability to automatically download content on a predefined basis to make it fresh and available to clients on the network. For example, a law firm could set up a content download job that refreshes content from online legal websites that are commonly used in the firm. Data can be retrieved quickly by internal clients, but the information is still known to be fresh.
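The caching flow from Figure 8.1 and the content download job described above, as an added Python sketch that is not ISA Server code or part of the original text. The 300-second freshness window, the class and function names, and the stand-in origin fetch are assumptions made for illustration.

```python
import time

class CachingProxy:
    """Toy model of a caching web proxy (illustrative, not ISA Server's implementation)."""

    def __init__(self, origin_fetch, max_age=300, clock=time.time):
        self.origin_fetch = origin_fetch  # callable(url) -> body; stands in for an HTTP GET
        self.max_age = max_age            # seconds a cached copy counts as "recent" (assumed)
        self.clock = clock
        self.cache = {}                   # url -> (body, stored_at)
        self.access_log = []              # (client, url, "HIT" or "MISS") for monitoring

    def _store(self, url):
        body = self.origin_fetch(url)
        self.cache[url] = (body, self.clock())
        return body

    def get(self, client, url):
        """Serve a recent local copy if one exists, otherwise fetch and keep a copy."""
        entry = self.cache.get(url)
        if entry and self.clock() - entry[1] <= self.max_age:
            self.access_log.append((client, url, "HIT"))
            return entry[0]
        self.access_log.append((client, url, "MISS"))
        return self._store(url)

    def prefetch(self, urls):
        """Content download job: refresh the listed URLs before any client asks."""
        for url in urls:
            self._store(url)

def run_scenario():
    origin_requests = []                  # every request that actually left the network
    def origin_fetch(url):                # constructed stand-in for the real websites
        origin_requests.append(url)
        return f"<html>{url}</html>"
    now = [0.0]                           # controllable clock so the run is repeatable
    proxy = CachingProxy(origin_fetch, max_age=300, clock=lambda: now[0])
    for url in ("www.microsoft.com", "www.cco.com"):
        proxy.get("Client1", url)
    now[0] = 60.0
    for url in ("www.cco.com", "www.samspublishing.com"):
        proxy.get("Client2", url)
    now[0] = 1000.0                       # every cached copy is now stale
    proxy.prefetch(["www.cco.com"])       # the download job refreshes one site
    proxy.get("Client1", "www.cco.com")        # fresh again because of the job
    proxy.get("Client1", "www.microsoft.com")  # stale copy, so the origin is contacted
    return proxy.access_log, origin_requests

if __name__ == "__main__":
    for record in run_scenario()[0]:
        print(record)
```

The access log doubles as the per-client record of who requested which site, which is the monitoring benefit the text describes.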