MS builds a beta ISA 2006
- 23 February, 2006 15:34
Last week, I'm struggling for Redmond news; this week, it's like they have a volcano up there or something. SMS (Systems Management Server) 2003 R2, a Vista Community Technology Preview, Commerce Server 2006 Beta, new announcements about SharePoint Server 2007, a funeral for FrontPage, and a formal ISA (Internet Security and Acceleration) Server 2006 Beta announcement. Whew. Guess all those headlines about a Microsoft stock slump lit a fire under somebody's booty.
I blogged about the death of FrontPage (don't worry; it's only dead to the world of software bundles) as well as Microsoft's "final" (for now) list of Vista SKUs off of Technology Filter, so click over there if you want more details. What I've been concentrating on this week is the ISA Server 2006 Beta release, mainly because the Redmondians were kind enough to give me a big ol' briefing on that.
Unfortunately, if you're expecting a security silver bullet or anything else revolutionary out of ISA 2006, you're in for a disappointment. There are several worthwhile features in the new product, and those using it for perimeter or internal boundary defense will certainly want to upgrade, but a guaranteed security panacea for Windows it's not.
Big on the list of new features is better integration with Active Directory, which means that Web application servers can get improved authentication security. It's also a bit better as a proxy server because Microsoft has carried over the compression schemes it released in ISA Server 2004 R2. That means faster Web page load times, according to Microsoft, but I'll wait to verify that in a test before crowing about it.
Better for those with large branch offices are a series of features that let administrators more easily drop-deploy ISA-based boxes to branch offices. Microsoft plays up the compression angle here, but what's more important is ISA 2006's support for BITS (Background Intelligent Transfer Service), also found in 2004 R2. This means not only better support all around for slower WAN links, but features that allow ISA Server 2006 to do things like cache Windows updates. That way, clients at branch offices get their updates in a much smoother fashion than downloading them from a far-away central office.
IT admins can also configure ISA boxes using new policy tools and auto-configuration features. These let admins drop ISA 2006 white boxes at remote sites and allow them to be plugged in by remote users with no need for on-site IT staff. The boxes find central connections on their own; they can then be remote-tweaked by the IT staff. A nice upgrade here is better support for scripting via Monad.
ISA 2006 also gets a new Microsoft Operations Manager ( MOM) Management Pack, but at this point that's pretty much a requirement on Redmond's part. Microsoft didn't indicate any new MOM management capabilities based on this, just full MOMmy support for ISA 2006.
Finally, Microsoft claims to have much improved attack alerts, reports, and attack detection tools. I didn't get much here in the way of an actual demo, but the skinny says the new UI will not only show attacks as they happen but even route these alerts intelligently based on context. This is the really sexy stuff in terms of new features, and unfortunately the beta doesn't represent that much of it at this point. Look for these features to solidify in Beta 2 later this spring or early this summer. The final product is still slated to ship in the last gasps of 2006, but that's as accurate as Microsoft wanted to get with ship dates.
All in all, the new features roll for ISA 2006 sounded good to me. So far, I've seen precious few real-world installations where ISA is housed on the perimeter. Rather, I've seen it mostly protecting and auditing internal boundaries such as application-specific server farms. For this purpose, ISA 2006 has more than enough features to make the grade. As an external-facing device, I'd have to run it through a whole bunch of attack tests before I really felt comfortable. Maybe it's the brand name.