Roundtable Q&A: Expanding Firewall Capabilities with ISA Server 2004

REDMOND, Wash., Feb. 16, 2005 —
Momentum has been building for Microsoft Internet Security and Acceleration Server (ISA) 2004 since its launch last July. Early product reviews and industry influentials have noted the significant advances in the current ISA Server release, including its ease-of-use, fast and secure access, advanced protection, flexibility and greatly expanded administrative capabilities.

ISA Server 2004 Standard Edition (SE), designed for businesses of all sizes, is now joined by ISA Server 2004 Enterprise Edition (EE), released yesterday at the RSA Conference 2005. ISA Server EE contains additional manageability, scalability, and high availability functionality to serve the most demanding business needs.

To coincide with the launch of ISA Server 2004 Enterprise Edition at this week’s RSA Conference 2005 in San Francisco, PressPass convened a roundtable discussion with:

  • Josue Fontanez , senior product manager, ISA Server business group, Microsoft Security Business & Technology Unit

  • Tony Redmond , vice president and chief technical officer, HP Services and HP Security and Program Office

  • Bryan Bain , senior director, security marketing, Network Engines

  • Neil Matz , senior product manager, Celestix, to learn how Microsoft industry partners and customers are receiving ISA Server 2004

PressPass: With security among IT professionals’ top concerns, what role does ISA Server 2004 have to play?

Fontanez: We see ISA Server 2004 playing a very key role in providing secure access to the Internet for internal users, protection from threats on the Internet as a firewell and secure remote access with its virtual private network (VPN) capabilities. It’s an all-in-one solution that businesses of all sizes can deploy to both protect their environment and provide connectivity services.

In the enterprise, ISA Server 2004 provides all the capabilities I just mentioned, as well as advanced protection and connectivity for a business’ branch offices, especially as they connect to the main office over the Internet. A lot of our customers are deploying site-to-site VPNs with ISA Server 2004. And that type of environment definitely requires the kind of advanced security that ISA Server 2004 delivers. It’s also important for a business of any size that’s going to enable key business applications on the Internet — for example, publishing applications such as Microsoft Exchange Server.

Redmond: I agree with Josue on that point. HP Services leads the industry in Exchange deployments and we recommend ISA Server 2004 as the best way to protect Exchange. Our ISA Server 2004 solution delivers a “soft appliance” experience allowing customers to take full advantage of implementing and customizing all the powerful features of ISA Server 2004. And there definitely appears to be a lot of interest in the product. Customers range from public sector to small and medium businesses to branch offices of enterprise companies and all like the simplicity, flexibility and value this solution provides.

PressPass: What are the main ISA Server 2004 features to which customers are responding?

Bain: We’re hearing from that ease of use is the most compelling feature. Historically, firewalls have been very difficult to configure and implement. ISA Server 2004’s user interface and wizard functionality allows companies that lack dedicated security resources to easily create a locked down, hardened infrastructure that protects against the new generation of threats. Microsoft has done for firewall technology what previously only existed in hardware-based firewalls.

The low total cost of ownership (TCO) associated with the platform is also very compelling. To this point in time, application-layer intelligence has been cost-prohibitive for a lot of mid-sized organizations. And that’s primarily where we’re currently focused with ISA Server Standard Edition — companies of 5,000 employees or less that really have a desire for integrated security appliances because they don’t have a deep set of technical resources. These customers often choose ISA Server 2004 to create a secure messaging infrastructure — we’ve been educating our customers on the fact that e-mail is the most widely used attack vector and that the functionality of ISA, with unique protection for Exchange Server environments, will give them a significant measure of protection to mitigate some of the latest threats. Application-layer filtering and the concept of best practices to secure some of the most widely deployed infrastructure applications in the world have been the primary selling propositions.

Matz: The out-of-box experience is straightforward and easy to understand. It makes the buying decision faster and training and support more intuitive. It’s true that you don’t need to have a large IT organization with a security expert or a network admin to implement and benefit from ISA Server 2004. Most IT managers are already familiar with Exchange Server, the Active Directory directory service and other infrastructure standards of the Windows Server System. If they’re familiar with those paradigms, they’re inherently familiar with how our appliance and ISA Server 2004 works. Celestix’s integration of RSA security and SurfControl URL filtering in our ISA Server 2004 appliance is being very positively received. We’re seeing many customers using ISA Server 2004 to publish Microsoft Outlook Web Access and external intranet sites, where the benefit comes from ISA’s function as an application-layer firewall.

Fontanez: With ISA Server 2004, customers have the flexibility to obtain either software or appliance form factors, and that’s resonating across all of our customer and partner sets. We’re hearing that customers are pleased that we are providing an integrated solution. If you look at other solutions in the marketplace, they may have just firewall functionality or they may have firewall plus VPN functionality. The great thing about ISA Server 2004 is that it includes firewall, VPN and caching capabilities. And I would certainly agree that ease-of-use is a key position for us with customers: Recent studies have shown that upwards of 95 percent of security breaches traced back to a firewall are due to the misconfiguration of that firewall. ISA Server 2004 is easy to configure effectively, so you don’t have that problem.

PressPass: What is the Enterprise Edition of ISA Server 2004 going to mean for customers?

Fontanez: There are a few key things that the enterprise edition will provide for our customers that are really critical. No. 1 is enterprise management. Whether a business has 50, hundreds or thousands of ISA Servers, they can manage the entire environment more easily with the enterprise edition. Say, for example, I’ve got an enterprise and I want to create a policy that blocks my users from using a certain protocol or accessing a particular Web site. I want that policy to apply to all of my users and to all of the ISA Servers in the environment. I don’t want to have to go to each server to apply that policy. With ISA Server EE’s enterprise management capabilities, I can create that policy in one location and apply it to my entire environment.

Also important are the monitoring and logging capabilities built into the enterprise edition. Being able to monitor my entire ISA Server environment from one location is very important. So we provide that capability in ISA Server 2004 EE. We also have the Microsoft Operations Manager (MOM) Management Pack for ISA Server 2004 if customers want to use MOM to monitor the environment. And in ISA Server EE we provide network load balancing that’s integrated with Windows network load balancing. A customer may want to provide a high-availability environment for their users for a scenario such as VPN or publishing Outlook Web Access. With ISA Server EE they can configure a set of ISA Servers that are load balanced and as requests are coming in, those requests are balanced across a group of servers. That way, if there were to be some type of hardware failure, there are still servers that can respond to user requests.

PressPass: How has working with Microsoft on ISA Server 2004 been for you as industry partners?

Bain: Our relationship with Microsoft has been extremely productive. I’m especially pleased at the way their field force has embraced a third-party organization as a true strategic industry partner to enable us to solve the security business challenges of customers of all sizes.

There’s no doubt about Microsoft’s commitment to securing Windows and to really building security as a significant practice for the benefit of customers. And the field is taking that seriously, so we’ve received a lot of cooperation in telling the ISA story — what we call the “defense-in-depth” story — to the market. At the corporate level, too, we’ve had a very fine working relationship with the ISA Server product management and product marketing organizations to ensure that the solutions we are building continually evolve to meet our customers’ needs.

Matz: I’ve also seen that the sales channel has been real willing to help ISA Server appliance partners like us meet the needs of our mutual customers. Internal sales folks are completely behind ISA Server sales, whether on an appliance or CD-based. That’s gold for us. Microsoft is helping us through their sales channels to sell our ISA based appliances. That’s fantastic.

Redmond: There has been strong collaboration with Microsoft in developing and deploying ISA Server 2004 solutions. From beta testing to services training, HP and Microsoft have worked to understand and deliver services and solutions that address our customer’s most pressing security needs. Recently, HP and Microsoft worked together to create a high level HP customer/partner Flash demo that will be used to educate our sales force, customers and partners on the key features and benefits of deploying ISA Server 2004 on HP ProLiant servers. A copy of this Flash demo is being handed out at both HP and Microsoft’s booths at RSA.

PressPass: And from the Microsoft perspective?

Fontanez: ISA Server 2004 makes a great platform for third-party products and solutions. We’ve been pleased with the range of the third-party offerings for ISA Server and the wide variety of choices available for customers, ranging from anti-virus products to reporting, SSL acceleration, and content filtering solutions. When you consider how customers can choose from the various ISA Server OEM appliance offerings or create their own Windows Server 2003 systems, it’s easy to see why the flexibility and ease of implementing ISA Server is so appealing.

Related Posts