About a year ago, IBM unveiled its Edge of Network (EoN) initiative, which emerged from its earlier Pervasive Computing initiative. The initiative includes portable, wearable, and multifunction devices that will interoperate with modern PC networks—that is, devices meant to connect to servers, desktops, and laptops. Although that's a broad definition, IBM is a company with plenty of scope. (For more about EoN, see "IBM Reveals Edge of Network Strategy" in the March 2000 issue of Windows 2000 Magazine.)
Recently, I've pondered the supporting role of specialized servers and appliances in a storage capacity at the edge of the network—something attuned to my definition of what an EoN device is all about. Network Attached Storage (NAS) is one instance, and this column's focus—caching servers—is another. We've installed a cable modem in my office and have begun to configure our network to take advantage of it. Not long after we hooked up the first desktop to the cable modem, the desktop became terminally ill with a boot sector virus. I knew then my first step toward the caching capability I wanted was to protect the network I was about to attach.
I installed a SonicWall SOHO2 firewall. Although SonicWall makes a more expensive and enterprise-worthy unit than the small one I bought for $450, my unit contains the most important features. Essentially, the firewall is a router, with a DHCP-assigned address from the ISP (AT&T Broadband, née MediaOne) and a private address (192.168.1.1 is what I used) for the internal address. The firewall can function as a DHCP server, and, with the smaller unit, you have up to 10 addresses and can purchase 10 more. Managed through a browser, the firewall offers many features, such as a virus detection service, site and content filtering, IP Security (IPSec) VPN, and digital certificate authentication.
What attracted me to SonicWall was its ease of use. For the home office market, in which users aren't particularly network savvy, it's a good choice. And no one should have a direct connection to an Internet pipe—such as DSL or cable modem—without some device or software playing gatekeeper. I'm a fan of hardware devices because I've read that they provide better protection for outgoing traffic.
We installed Microsoft's third version of Proxy Server: Internet Security and Acceleration (ISA) Server. We run ISA Server on a Dell PowerEdge 300, which is Dell's entry-level system. The system is equipped with two 20GB IDE-bus hard drives and two 10/100 NICs. ISA Server sits behind the SonicWall as the network access point, duplicating some of the functions of the firewall and adding many more capabilities of its own. And ISA Server is fast.
According to Lucien Lui, product manager for ISA Server, the server offers an enterprise firewall, proxy server, security, and cache management that works equally well with Windows-based networks and non-Windows networks. Security includes integration with the Active Directory (AD) security model (users and groups), as well as packet-level, circuit-level, and application-layer (looking inside content) security. ISA Server supports all significant networking transport protocols. Lui compares ISA Server to products such as Check Point FireWall-1 and Cisco PIX 500. You can use ISA Server in one of three modes: dedicated firewall, dedicated cache, or both.
ISA Server wizards help you install and configure the product. Once ISA Server is configured, it essentially just runs. Unlike previous versions of the product, you don't need to install a proxy client on each connecting computer. (However, if you use streaming media, you'll probably want to install the firewall client from the server's share point.)
ISA Server Caching
I'm especially interested in ISA Server's caching features. (For a white paper about Microsoft Information Technology Group's—ITG's—deployment of the product, go to http://www.microsoft.com/isaserver/techinfo/itgdeploy.htm.) With ISA Server, you can
- manage a logical array of servers using Microsoft's Cache Array Routing Protocol (CARP). You can set up systems using Microsoft Cluster Server (two nodes) to make the array fault tolerant.
- set up a hierarchical cache, whereby one server defers to another for certain URLs and bypasses the Internet when appropriate using routing rules.
- do forward caching, whereby users going out to the Internet have content cached.
- do reverse caching, whereby ISA is put in front of a Web server to cache content. This feature is really valuable in improving Web site performance and pushing Web content to distributed sites.
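The array routing in the first item above can be sketched as follows. This is an added example, not Microsoft's code: it shows the highest-score URL-to-member selection that CARP is built on, with SHA-256 standing in for CARP's own hash function and load factors, and with constructed member names and URLs.

```python
import hashlib

def _score(member, url):
    # Stand-in hash (assumption): SHA-256 truncated to 64 bits.
    # CARP specifies its own hash and per-member load factors.
    digest = hashlib.sha256((member + "\x00" + url).encode("utf-8")).digest()
    return int.from_bytes(digest[:8], "big")

def route(url, members):
    """Return the array member that owns `url`: the highest combined score wins."""
    if not members:
        raise ValueError("cache array has no members")
    return max(members, key=lambda m: _score(m, url))

def naive_route(url, members):
    """Contrast case: plain hash-modulo placement across the member list."""
    return members[_score("", url) % len(members)]

def remapped(urls, before, after, router):
    """URLs whose owning member changes when membership goes before -> after."""
    return [u for u in urls if router(u, before) != router(u, after)]

# Constructed sample data (hypothetical host names and URLs).
ARRAY = ["isa1.example.test", "isa2.example.test", "isa3.example.test"]
URLS = ["http://www.example.test/page%d.htm" % i for i in range(300)]

def demo():
    """Drop isa2 from the array and report which cached URLs change owner."""
    failed = "isa2.example.test"
    survivors = [m for m in ARRAY if m != failed]
    owned_by_failed = [u for u in URLS if route(u, ARRAY) == failed]
    moved_carp = remapped(URLS, ARRAY, survivors, route)
    moved_naive = remapped(URLS, ARRAY, survivors, naive_route)
    return owned_by_failed, moved_carp, moved_naive

if __name__ == "__main__":
    owned, carp, naive = demo()
    print("URLs owned by failed member:", len(owned))
    print("URLs remapped, highest-score routing:", len(carp))
    print("URLs remapped, hash-modulo routing:", len(naive))
```

Every client or downstream proxy that knows the member list computes the same owner for a URL without querying the array, and losing a member moves only that member's URLs, so the surviving caches stay warm.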
An important feature of ISA Server's caching is that policies you set for your organization still apply to the cache. A caching algorithm stores the hottest content in RAM, and the disk I/O has been optimized to make it faster. An administrator can manipulate the caching API with command-line instructions that perform several functions (e.g., flush the cache).
Another feature that caught my eye is the Active Caching component, which looks at content-access patterns and pulls content into the cache automatically. You can also schedule content download. Several years ago, when channels first came out, I realized that at the desktop level, channels clog your system with files, most of which you probably never need. But recast as server-based technology to pull content from the Internet and store it at the edge of your network, the same concept has merit.
ISA Server is perfect technology for an appliance implementation. Third parties, OEMs, and developers who want to add value to the product have the software development kit (SDK) to build plug-ins. (For information about third-party products, go to http://www.microsoft.com/isaserver/thirdparty/offerings.htm.) I look forward to trying one of the network antivirus products on this server, eliminating the overhead that those utilities place on my desktops.