ISA Server and Remote Management.

by Curt Simmons [Published on 17 Sept. 2001 / Last Updated on 20 May 2013]

For network administrators, the issue of remote management has been an ongoing dream and an ongoing problem. Windows 2000 alleviated much of the problem of remote management by providing a number of tools and features that enable network administrators to manage domain controllers across an entire network from one location. By simply connecting to the desired domain controller, you can manage the domain controller as if you are locally sitting at the machine.

For network administrators, the issue of remote management has been an ongoing dream and an ongoing problem. Windows 2000 alleviated much of the problem of remote management by providing a number of tools and features that enable network administrators to manage domain controllers across an entire network from one location. By simply connecting to the desired domain controller, you can manage the domain controller as if you are locally sitting at the machine.

 

ISA Server is no exception to this rule, and ISA Server provides you two methods of remotely managing ISA Servers and ISA Server arrays. You can connect by simply installing the ISA Management console on any Windows 2000 computer so that the MMC management interface appears - then, you connect to the desired server to manage it. Secondly, you can manage ISA Servers via Windows 2000 Terminal Services.

The benefits of using remote management with ISA Server are obvious to network administrators. From one desktop computer, you can access domain controllers running ISA Server for which you have rights. You can then manage those servers without ever leaving the comfort of your desk. This not only saves time, but gives administrators a way to view the configuration of several different servers / arrays very quickly or even at the same time.

Curt Simmons is the Author of 'Microsoft ISA Configuration and Administration '

Click Here to purchase his book from Amazon.com

Amazon.com (April, 2001)

 

To use the ISA Management feature provided with ISA Server, you must be a member of the Administrators or Server Operators group on the remote ISA Server computer that you want to manage. Also, your user account and the ISA Server computer must be members of the same domain or within trusted domains for remote management to work. Considering the structure of Windows 2000 networks and the transitive trusts that are typically available between domains, neither of these requirements are typically an issue.

To install the ISA Management console on a Windows 2000 computer, simply run the ISA Server installation CD setup. When you reach the installation options screen, choose the custom installation option. On the Custom Installation window, clear every check box except Administration Tools, as you can see in the following figure.

Once installation is complete, open the ISA Management console, then right-click Internet Security and Acceleration Server and click Connect To, as shown in Figure 2. You can then enter the name of the standalone ISA Server (or IP address / Web address) and click OK. From this point, you can then use the management console to configure the server as needed. Obviously, you can repeat this process and connect to several different servers / array members so that you can easily manage any number of servers / arrays from within the same management window.


If you prefer, you can manage ISA Server using Terminal Services. Terminal Services is a popular feature of Windows 2000 that enables you to remotely connect to a terminal server and manage the server or run applications, depending on the Terminal Server mode that you select. In order to use Terminal Services with ISA Server, the process is the same. Install Terminal Services on the ISA Server that you want to remotely manage. Choose the Remote Administration mode during Terminal Services setup, as shown in Figure 3.


Once the terminal server is installed on the ISA Server, you can then install the Terminal Services client on the desired computer and, with the proper logon credentials access the terminal server and manage the ISA Server that way. The Terminal Services feature using remote management may give you more flexibility and enable you to manage the ISA Server from any number of client operating systems on your LAN/WAN.

Another interesting idea concerns the use of Terminal Services from a remote location, such as with a dial-up account. You can dial-up to a RAS Server, then access the Terminal Server in this manner. Obviously, this scenario introduces more potential problems and security risks. You can also setup ISA Server and IIS to allow Terminal Services through the ISA Server via Web Publishing rules. See the "Publishing Terminal Services and the TSAC" client tutorial in the Learning Zone to find out more about that configuration.

 

Featured Links