Microsoft Internet Security and Acceleration (ISA) Server 2004 Unleashed
Maintenance procedures that require slightly less attention than daily checking are categorized in a weekly routine and are examined in the following section. These tasks should be performed on a regular weekly basis, such as on Monday morning or another convenient time. Checking for Updates
As previously mentioned, updates and patches to the Windows operating system that ISA uses and the ISA software itself are constantly being produced. It is wise to check for updates to these components, using the techniques described in the earlier sections. In addition, it may be good practice to sign up for a service such as the Microsoft Security Notification Service, which sends emails when new patches and updates have been released. More information on this program can be found at the following URL: http://www.microsoft.com/technet/security/bulletin/notify.mspx Checking Disk Space
Although the disk capacity of an ISA Systemcan appear to be virtually endless, the amount of free space on all drives should be checked daily. Serious problems can occur if there isn't enough disk space. Running out of disk space can be a particular problem for ISA Servers. ISA logging can chew up a good portion of available disk space, and setting a cache drive can also leave less room for OS components. It is critical to monitor this, however, to prevent problems including, but not limited to, the following:
To prevent these problems from occurring, administrators should keep the amount of free space on an ISA Server to at least 25%. Verifying Hardware
Hardware components supported by Windows Server 2003 are typically reliable, but this doesn't mean that they'll run continuously without failure. Hardware availability is measured in terms of mean time between failures (MTBF) and mean time to repair (MTTR). This includes downtime for both planned and unplanned events. These measurements provided by the manufacturer are good guidelines to follow; however, mechanical parts are bound to fail at one time or another. As a result, hardware should be monitored weekly to ensure efficient operation. Hardware can be monitored in many different ways. For example, server systems may have internal checks and logging functionality to warn against possible failure, Windows Server 2003's System Monitor may bring light to a hardware failure, and a physical hardware check can help to determine whether the system is about to experience a problem with the hardware. If a failure has occurred or is about to occur, having an inventory of spare hardware can significantly improve the chances and timing of recoverability. Checking system hardware on a weekly basis provides the opportunity to correct an issue before it becomes a problem. TIP One of the major advantages that ISA has over many of the other hardware firewalls is the fact that it can be installed and run on any standard Intel-based server hardware. This makes it much easier to swap out hardware components if they fail. It is therefore advantageous to use the same standard hardware configuration as other systems to set up ISA Server. For example, many organizations that use a common 1U rack-mounted server model for their Active Directory domain controllers, Exchange front-end servers, MOM DCAMs, and other systems can easily set up ISA on the same 1U standard, making it easier to swap out hardware and components if necessary.
Archiving Event Logs
The three event logs on all ISA servers can be archived manually or with the use of a utility such as MOM 2005. The event logs should be archived to a central location for ease of management and retrieval. The specific amount of time to keep archived log files varies on a per-organization basis. For example, banks or other high-security organizations may be required to keep event logs up to a few years. As a best practice, organizations should keep event logs for at least three months. |