ISA 2004 supports multiple networks, whereas ISA 2000 supported only three: the internal network (defined by the local address table, or LAT), the external network, and the perimeter network, or DMZ. ISA 2004 also differs in how policies are applied to the different networks: each network can be assigned its own policy, with its own access rules, authentication methods, and so forth. ISA Server 2004 also supports both routed and Network Address Translation (NAT) relationships between networks. We’ll cover the differences between those two relationships later on.
Other features that ISA 2004 supports that were not found in ISA Server 2000 are extended protocol support, advanced application filtering, improved authentication methods, and stateful inspection for VPN networks. ISA Server 2004 can also export its configuration settings to XML files and import them again. These files can then be easily imported into another server to duplicate a configuration or to restore a damaged one. You also have an expanded ability to delegate permissions at various levels for administrators in different roles.
One more important difference between ISA Server 2004 and ISA Server 2000 is the way ISA 2004 stores its configuration information. As mentioned in my last article, the 2004 Enterprise Edition stores its configuration information not in the registry, as ISA Standard Edition does, nor in Active Directory, as ISA Server 2000 does. Instead, it stores its configuration information in what is called Active Directory Application Mode, or ADAM. This configuration information is stored on a central ISA server called the Configuration Storage Server.
Moving your ISA infrastructure from ISA 2000 to 2004 is not very difficult, although there is some planning involved. There are three ways you can migrate your ISA Server infrastructure from ISA Server 2000 to ISA Server 2004. The first is to perform what is called an in-place upgrade. During this process ISA Server 2004 is installed over an existing installation of ISA 2000. Most settings are migrated to the new configuration, but not all of them. The second way is called a migration. During this process, a machine is installed with ISA Server 2004 and settings are migrated from a computer still running ISA 2000. The third way is to migrate an ISA 2004 machine running the Routing and Remote Access Server service (or RRAS) configuration to 2004.