Note that all reports appear in the right detail pane when you select the Reports folder. You also see five categories of predefined reports sorted into the following folders: · Summary reports · Web usage reports · Application usage reports · Traffic and utilization reports · Security reports Reports are displayed in the Web browser and can be saved as .HTM (Web page) files. Let’s take a look at what each of these includes. Summary Reports The summary reports network usage data that is sorted according to application. Network administrators can use these reports to plan or evaluate Internet connectivity issues. An example of a summary report for an array is shown in Figure 6.48. Figure 6.48 Summary Reports Include Data from the Web Proxy and Firewall Service Logs Pertaining to Network Usage The information in the summary reports combines data collected from both the Web proxy service and firewall service logs. Logging for these services must be enabled to generate a meaningful summary report. Web Usage Reports Web usage reports use the Web proxy service logs to provide information about the following: · Top Web users · Web sites that have generated the greatest amount of traffic · Protocols used for Web traffic · Responses to HTTP requests (success, authorization failure, object not found, object moved, and other) · Types of objects delivered by the ISA server (.DDL files, .HTML files, .EXE files, etc.) · Web browser types used to connect to the Internet through the ISA server (browser name and version number) · Operating systems used to access the Internet through ISA Server (Windows 2000, Windows NT 4.0, Windows 98, etc.) An example of a Web usage report is shown in Figure 6.49. Figure 6.49 Web Usage Reports Contain Information Collected from the Web Proxy Service Log Files The Web usage reports can be used to evaluate how the Web is used in your organization, which could be useful to network administrators in planning for Internet connectivity and capacity and for managers setting policies to govern use of the Web. Application Usage Reports Application usage reports are based on the information collected by firewall service logging. The following information is provided: · Communications protocols used for network traffic going through the ISA server · Top application users (by IP address) · Client applications that have generated the largest amount of network traffic during the report period · Operating systems used on computers that have accessed the Internet · Top destination computers (by IP address) with which internal users have communicated through the ISA Server An example of an application usage report is shown in Figure 6.50. Figure 6.50 Application Usage Reports Are Based on Information Collected in the Firewall Service Logs Application usage reports can help you plan for network and bandwidth capacity and determine the external network destinations that are creating the greatest amount of network traffic. Traffic and Utilization Reports The traffic and utilization reports use data from both the Web proxy and the firewall service logs to provide information such as the following: · Communication protocols used · Summary of traffic going through the ISA server, by date · Cache performance data, showing the objects returned from the Internet, objects returned from cache with verification, objects returned from cache after verification that they had not changed, and objects returned from the Internet to update a file in cache · Information on the peak number of simultaneous connections each day · Information on the average request processing time each day · Chart summarizing average network traffic flow through the ISA server each day · Errors reported by ISA Server in attempting to communicate with other computers, broken into Web proxy and firewall service error categories. An example of a traffic and utilization report is shown in Figure 6.51. Figure 6.51 The Traffic and Utilization Reports Combine Information from the Web Proxy and Firewall Service Logs The traffic and utilization report information is useful for monitoring network capacity and planning bandwidth policies. Security Reports The security reports, as the name implies, provides information related to possible breaches of network security. Security reports use information from the Web proxy and firewall service logs as well as the packet filter log files. An example of a security report is shown in Figure 6.52. Figure 6.52 Security Reports Can List Authorization Failures and Other Security - Related Events Recorded in the Web Proxy Service, Firewall Service, and Packet Filter Logs The security report that is shown in the figure lists instances in which users or computers failed to authenticate to the ISA server and users for whom network packets were dropped. Configuring Sort Order for Report Data You can determine the order in which report data is sorted by right-clicking the report type (Summary, Web Usage, Application Usage, Traffic & Utilization, and Security) in the left console pane under Reports and selecting Properties from the context menu. On the Properties sheet shown in Figure 6.53, you can select the option that you want to use to sort the report data. Figure 6.53 Select the option to Use to Sort Report Data in the Report Type Properties Sheet On the Top Users tab, you can select from the following: Requests, Bytes In, Bytes Out, or Total Bytes. On the Top Web Sites tab, you can sort by the same four options, and you have a fifth option: Users. On the Cache Hit Ratio tab, you have only two options for sorting order: Requests and Bytes. After you configure the sort order, the data in the report will be sorted according to your criteria the next time you view the report. Saving Reports You can save reports in one of two file formats for later viewing or to a removable disk to be viewed on another machine. Saving Reports in .HTM format Reports can be saved as hypertext document files (.HTM) by selecting the report type under Reports in Monitoring in the left console pane, right-clicking the report name, and selecting Save as in the context menu. Saving Reports in .XLS format You can save a report as an Excel spreadsheet file (.XLS) by selecting Reports and right- clicking the report name in the right console pane, then selecting Save as. Providing Information for Saving Reports To save as .HTM, you access the report from the applicable report type folder; to save as .XLS, you access the report from the Reports folder. Either way, you will be asked to select a location in which to save the file and to enter a filename (the default filename is the name of the report displayed in the right detail pane). NOTE In order to save the report in .XLS format, you must have Excel installed on the ISA server computer. Otherwise, this option will not appear as an option. Configuring the Location for Saving the Summary Database You can specify the location in which the daily and monthly summaries database is to be stored. Right-click Report Jobs in the left console pane under Monitoring Configuration, and select Properties in the right context menu. On the Log Summaries tab, shown in Figure 6.54, check the box to enable daily and monthly summaries. Figure 6.54 Set a Location for Saving Daily and Monthly Summaries, and Specify the Number of Each That Should Be Saved You can set the location for saving the summary database. You have two options: · Save the summaries in the ISA Summaries subdirectory, in the directory to which ISA Server is installed on the local computer (this is the default). · Save the summaries in a different location by choosing Other folder and typing a path or browsing for a folder by clicking the Browse button. You can also specify how many daily summaries and how many monthly summaries are to be saved. You can specify a minimum of 35 and a maximum of 999 daily summaries and a minimum of 13 and a maximum of 999 monthly summaries. Summary files are saved with the .ILS extension (see Figure 6.55). Figure 6.55 Summary Files Are Saved by Default in the ISASummaries Folder with an .ILS File Extension NOTE The ISALogs, ISAReports, and ISASummaries directories are located on each server in the array in the Microsoft ISA Server installation folder. Understanding Remote Administration In this section of the chapter, we explore how you can administer an ISA server or array from a remote location, either using the ISA Management Console on a remote computer or by setting up the ISA server as a terminal server and connecting to it via the terminal server client software. Remote administration allows you to perform management tasks and configure components for your ISA server or array when you are not at the same site as an ISA server computer. You can connect to the network via a WAN link by dialing in to the remote access server or by connecting across the Internet through a VPN. Once the connection to the local network is established, you can remotely manage a standalone ISA server, an array, or the enterprise. Installing the ISA Management Console You can install ISA Management on a Windows 2000 Server that is not running ISA Server or on a Windows 2000 Professional computer. This is done as part of the setup process when you run the ISA Server installation CD. NOTE ISA Server or the ISA Management tools can also be installed on computers running Windows XP/Whistler, the next version of the Windows operating system. When you run the setup program, select Custom installation, and check only the Administration Tools check box, as shown in Figure 6.56. Figure 6.56 To Install ISA Management on a Computer From Which You Want to Administer ISA, Select Custom Installation and Check the Administration Tools Check Box After you install the Administration tools, ISA Server Management is accessible through the Programs menu on the remote computer. You can then connect to an ISA server or an array that is in the same domain or a domain with which a trust relationship exists. Managing a Remote Standalone Computer To manage a standalone ISA server remotely, open the ISA Management Console and right-click the root object in the left pane (Internet Security and Acceleration Server). Select Connect To from the context menu, and type the name of the standalone server that you want to manage in the box, as shown in Figure 6.57, or click the Browse button to find a computer in the directory. Figure 6.57 To Manage an ISA Server Remotely, You Must First Connect to It NOTE You must be a member of the Administrators or Server Operators group on the remote computer that you want to manage. [...]... various ISA Server clients We begin the discussion by reviewing the ISA Server architecture You need a thorough understanding of the ISA Server architecture in order to appreciate the mechanisms that underlie the security schemes you plan to implement via ISA After this discussion, we’ll proceed with a discussion of installing and configuring the various ISA Server client types Understanding ISA Server. .. on a network that uses a private IP addressing scheme to access the Internet The private network IDs are defined in RFC 159 7 The following are the IP address ranges for the private network IDs: · 10.0.0.1–10. 255 . 255 . 254 /8 · 172.16.0.1–172.31. 255 . 254 /12 · 192.168.0.1–192.168. 255 . 254 /16 These address ranges are reserved for use on private internal networks and are not valid on the Internet Internet routers... Desktop Once your connection to the terminal server is established, you will see the server desktop, as shown in Figure 6.64 Figure 6.64 Use the Terminal Server Desktop to Remotely Administer the ISA Server If the terminal server is an ISA Server, you can now open the ISA Management tool and perform all administrative tasks as you would if you were sitting at the ISA server Summary This chapter has taken... discussed remote administration of an ISA server or array, and you learned that you can manage either a standalone ISA server or an array or enterprise in one of two ways: by installing the ISA Management tools on a non -ISA Server computer and using the ISA MMC to connect, or by installing Windows 2000 Terminal Services on your ISA server, making it a terminal server and connecting to it from another... in Chapter 8 Now, let’s take a look at the specifics of the various ISA Server client setups and configurations Configuration Changes and ISA Server Services Restarts Many configuration changes you make on the ISA Server computer will require that you restart one or more ISA Server services Typically, the ISA Server Control Service (isactrl) detects these changes and informs you that a service needs... account has permission to access and launch DCOM objects on every ISA server in the array Chapter 7 ISA Architecture and Client Configuration Solutions in this chapter: · Understanding ISA Server Architecture · Installing and Configuring ISA Server Clients Introduction In this chapter we start getting into the “nuts and bolts” of ISA Server We begin our configuration foray with a deep exploration into... by ISA Server Alerts or the Event Viewer You must stop and restart the respective ISA Server Service manually when making these changes Installing and Configuring ISA Server Clients This section reviews the various ISA Server client installation and configuration options As you’ll see, some of the client configurations are extremely simple to set up, and some of them can be relatively complex The ISA. .. which a published server needs the firewall client installed For example, you might run a server application that requires an Application filter to manage connections, but you don’t have such a filter installed on the ISA server In such a case, you could get around the problem by configuring a wspcfg.ini file on the server running the firewall client UNDOCUMENTED ISA SERVER If you want to disable the firewall... Internet server, the NAT Server forwards the response to the internal private network host via its internal interface ISA Server takes advantage of the NAT Protocol driver included with Windows 2000 and extends its functionality so that it is able to work with the other ISA Server services Note that you cannot run both the Routing and Remote Access Server NAT Protocol implementation and ISA Server on... Server on the same machine NOTE Microsoft documentation warns that you should not run both RRAS NAT and ISA Server on the same machine However, if you install ISA Server on a machine that already has RRAS enabled, the ISA Server installation routine will disable the RRAS NAT Protocol At this point, you would assume that since the RRAS NAT Protocol has been disabled, there won’t be any problems However, . Default in the ISASummaries Folder with an .ILS File Extension NOTE The ISALogs, ISAReports, and ISASummaries directories are located on each server in the array in the Microsoft ISA Server installation. an ISA server or array, and you learned that you can manage either a standalone ISA server or an array or enterprise in one of two ways: by installing the ISA Management tools on a non -ISA Server. · Understanding ISA Server Architecture · Installing and Configuring ISA Server Clients Introduction In this chapter we start getting into the “nuts and bolts” of ISA Server. We begin