The first step to configuring and utilizing the content caching functionality on an ISA server is to enable the caching functionality. After it has been enabled, advanced cache settings and content download jobs can be set up and enabled.
Configuring ISA Server to Provide Web Caching Capabilities
By default, content caching is not enabled on an ISA server. Instead, it must be turned on to enable an ISA server to provide for web caching capabilities. Turning on this functionality is as straightforward as defining the size of the cache drive. After the cache drive has been defined, caching is set up and ready to go on the server. To set this up, perform the following steps:
From the ISA Management Console, select the Cache node from the console tree.
In the Tasks pane, select the Tasks tab and click on the link entitled Define Cache Drives (Enable Caching).
From the subsequent dialog box, shown in Figure 8.4, define the size of the cache drive by selecting the drive on which it will be placed and entering a maximum size into the field. Click the Set button to save the changes and then click OK.
Figure 8.4. Enabling caching functionality in ISA.
Click Apply in the Central Details pane.
Most ISA changes do not require the firewall service to be restarted. Changing the cache drive size, however, is one of the few exceptions. If the ISA server has been placed into production, it should be noted that continuing with this procedure restarts the firewall service and kills the current connections to the server.
When prompted, select to Save the Changes and restart the services. Click OK.
Click OK when the changes are complete.
Changing Default Cache Settings
To process cache objects, ISA Server 2004 uses a series of default settings. To access and modify them, click on the Configure Cache Settings link in the Tasks tab of the Tasks pane. The Cache Settings dialog box, shown in Figure 8.5, contains a General tab that displays the size of the cache, as well as an Advanced tab.
Figure 8.5. Modifying cache settings.
The Advanced tab allows for the customization of the maximum size of URLs that can be cached, and whether to cache objects whose last modification time is unknown. It also displays the default behavior for handling expired content when the original website cannot be reached. For example, if the www.cco.com website was previously accessed and was downloaded to the cache, but the entry has expired, the server could be configured to either error out (if the Do Not Return the Expired Object option is checked) or return the object to the requestor based on the amount of time since the Time-to-Live (TTL) of the object has expired (the default).
The Time-to-Live of a cache object is the amount of time that the object remains valid in a cache before it expires and needs to be refreshed. Without TTL settings on cached objects, stale data could potentially be returned to requesting clients.
Configuring Cache Rules
After caching has been enabled on an ISA Server, specific rules must be set up to configure how ISA handles caching traffic. By default, a single Last Default Rule for caching exists on the server and can be viewed under the Cache Rules tab in the Central Details pane. The settings in this rule can be utilized, or different cache rules can be configured to be processed before the default rule. This can be useful in scenarios where different cache policies are created for different clients, such as forcing caching for clients in the internal network, but turning it off for servers in the DMZ. To create a cache rule, perform the following steps:
In the Tasks Pane of the Cache Node, click the link labeled Create a Cache Rule.
Enter a descriptive name for the Cache Rule and click Next to continue.
Click the Add button to define to which source network entities the cache rule will apply.
Select the source network, network sets, computers, or other network objects from the list and click Add for each one. Click Close when finished.
Click Next to continue.
From the subsequent dialog box, shown in Figure 8.6, the rule can be configured to modify the behavior of how cached objects are returned to the requestor. The three options are as follows:
Only If a Valid Version of the Object Exists in the Cache. If No Valid Version Exists, Route the Request to the Server: In this scenario, which is the default option, a requesting client has a cached object returned only if the object exists in the cache and has not expired. If there is not a current version, the ISA server routes the request to the web server on the Internet.
If Any Version of the Object Exists in the Cache. If None Exists, Route the Request to the Server: For this option, the ISA server returns an object in the cache, even if it has expired. If it does not exist in the cache, it routes the request to the web server on the Internet. This option can run the risk of supplying stale data to requesting clients.
If Any Version of the Object Exists in the Cache. If None Exists, Drop the Request (Never Route the Request to the Server): With this option, clients get web data only from objects that exist in the cache. If an object isn't in the cache, the request fails. This is a highly restrictive option, but is useful in scenarios where only specific content is meant to be made available to web browsing clients, and that content is made available with Content Download Jobs.
Figure 8.6. Setting up a cache rule in ISA.
Select the default content retrieval behavior and click Next; this invokes the subsequent dialog box, which allows for advanced options such as caching dynamic content or offline browsing responses and customization of what type of content will be cached, such as the following:
Never, No Content Will Ever Be Cached: If this option is chosen, the cache rule stipulates that the content will never be cached, regardless of whether or not the source and request header indicate to do so. This basically tells the cache rule to never cache the content.
If Source and Request Headers Indicate to Cache: This setting (the default) relies on the source and request headers of the object that is retrieved to determine whether it is cached.
To continue with the process, do the following:
Select what type of cache content settings to utilize and click Next to continue.
Check whether SSL responses will be cached or not, or if a size limit to cached objects will be configured.
Click Next to continue.
The subsequent dialog box, shown in Figure 8.7, allows for the core customization of HTTP caching settings, such as whether to enable HTTP caching, and what the content's default TTL is. If a longer TTL is set, objects remain in the cache for longer periods of time, although the risk that they will become stale becomes larger. If the TTL is shortened, objects returned are less likely to be stale, but the server has to update the records more often, increasing the amount of bandwidth required. To continue, perform the following steps:
Make any necessary changes to the HTTP caching options and click Next to continue.
Check to enable FTP caching, if required, and set the default TTL for FTP objects. Click Next to continue.
Click Finish to create the rule.
Click Apply and then click OK when finished.
Figure 8.7. Customizing HTTP caching settings.
Any number of cache rules can be configured, each with different settings. This allows for the creation of granular cache options that can be set on a per-network or even per-computer basis.
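The retrieval options and rule ordering described in this section, modeled in Python as an added example (it is not ISA Server code and not part of the original text). The networks, rule names, first-match evaluation, and action labels are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Retrieval modes, one per wizard option described above.
VALID_ONLY = "valid-only"    # default: serve only unexpired objects
ANY_VERSION = "any-version"  # serve expired objects too
CACHE_ONLY = "cache-only"    # never route the request to the server

@dataclass
class CacheRule:
    name: str
    sources: list  # source networks as CIDR strings (constructed samples)
    mode: str

@dataclass
class CachedObject:
    stored_at: float  # time the object entered the cache, in seconds
    ttl: float        # seconds the object stays valid

    def expired(self, now):
        return now - self.stored_at > self.ttl

# Constructed rule set; the final entry stands in for the Last Default Rule.
RULES = [
    CacheRule("Kiosk clients", ["10.20.0.0/16"], CACHE_ONLY),
    CacheRule("Internal", ["10.0.0.0/8"], ANY_VERSION),
    CacheRule("Last Default Rule", ["0.0.0.0/0"], VALID_ONLY),
]

def match_rule(client_ip, rules):
    """Assumed first-match evaluation: the earliest matching rule applies."""
    ip = ipaddress.ip_address(client_ip)
    for rule in rules:
        if any(ip in ipaddress.ip_network(net) for net in rule.sources):
            return rule
    raise LookupError("no rule matched; a catch-all rule should be last")

def decide(client_ip, obj, now, rules=RULES):
    """Return (rule name, action): 'cache', 'stale-cache', 'route' or 'drop'."""
    rule = match_rule(client_ip, rules)
    if obj is not None and not obj.expired(now):
        return rule.name, "cache"        # a valid copy satisfies every mode
    if obj is not None and rule.mode != VALID_ONLY:
        return rule.name, "stale-cache"  # expired copy returned: stale-data risk
    if rule.mode == CACHE_ONLY:
        return rule.name, "drop"         # nothing cached and routing is forbidden
    return rule.name, "route"            # fetch from the origin web server
```

Under the first-match assumption, placing the broader Internal rule above Kiosk clients shadows the narrower rule, so an uncached kiosk request is routed to the Internet instead of being dropped.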
Configuring Proxy Web Chaining
ISA Server 2004 proxy servers, or even a third-party proxy product, can be chained together inline so that proxy traffic is routed through both servers. This concept is known as web chaining with ISA Server 2004, and it allows for the optimization of multiple proxy servers by requiring users in different locations to use local ISA servers for proxy first, and then to use a centralized one, for example.
To create a web chaining rule, perform the following steps:
Open the ISA Server Management Console (Start, All Programs, Microsoft ISA Server, ISA Server Management).
In the Console tree, select the Networks node by clicking on it.
In the Central Details pane, select the Web Chaining tab.
In the Tasks pane, click on the Tasks tab, if it is not already selected.
Select the link titled Create New Web Chaining Rule in the Tasks pane.
At the Welcome dialog box, enter a name for the web chaining rule. Click Next to continue.
At the Web Chaining Rule Destination dialog box, click the Add button.
When presented with the Add Network Entities dialog box, select the networks, network sets, individual computers, subnets, or other destinations to which the rule is to apply. Click Add when selected.
Select additional network entities as necessary. Click Close when finished and Next to continue.
The next dialog box, shown in Figure 8.8, is where the web chaining functionality options are set, such as whether the requesting clients are sent to another upstream ISA proxy cache server, or whether the requests are retrieved directly from the specified destination (the default). To configure the ISA server as a downstream server in a web chain, select the option titled Redirect Request to a Specified Upstream Server and click Next to continue.
Enter the name of the upstream proxy server, what ports are to be used (typically 8080), and what account to use for authentication. Click Next to continue.
Under the Backup Action dialog box, choose how to respond if the upstream server is not responding. This can be useful because it keeps the upstream server from becoming a single point of failure. Select the option desired and click Next to continue.
Click Finish to apply the web chaining rule.
Click Apply and OK to save the changes to ISA.
Figure 8.8. Creating a web chaining rule.
Setting Up a Content Download Job
Content Download Jobs in ISA Server 2004 enable administrators to proactively download content from websites and make it quickly available to requesting clients. This functionality enables organizations to quickly gain access to fresh content from web pages that are relevant to their organizations. Of course, overuse of Content Download Jobs can also end up spuriously wasting available bandwidth, so they should be configured only if necessary.
To create a content download job, do the following:
Select the Cache node from the scope pane.
Select the Content Download Jobs tab from the Central Details pane.
From the Tasks tab in the Tasks pane, click the link for Schedule a Content Download Job. If prompted to enable the jobs, click Yes and run through steps 1–3 again.
Enter a name for the content download job and click Next.
Define the download frequency for the job (right now, one scheduled time, daily, or weekly) and click Next to continue.
Enter the URL of the site from which to download, such as what is shown in Figure 8.9. Also, indicate how many links deep the site is to be scanned and whether to follow outside links (not recommended). Click Next to continue.
Figure 8.9. Setting up a content download job.
Enable the individual cache content settings and TTL settings for the job and click Next to continue.
Review the results of the wizard and click Finish.