* This article was written in the context of Internet Security and Acceleration (ISA) 2006, a technology now considered deprecated with the introduction of Forefront Threat Management Gateway (TMG). Variations may exist. *
First Steps in Implementing ISA Server With SharePoint
After the initial installation of ISA Server, securely publishing your SharePoint portal is a fairly straightforward process that can be carried out by either a network or SharePoint administrator. Within ISA Server 2004, this process typically required setting up the appropriate listeners and web publishing rules so that the proper resources could be reached by the appropriate enterprise users. However, this process is now streamlined by built-in publishing mechanisms within ISA Server, allowing a flexible approach to how an enterprise securely publishes a SharePoint machine or arbitrary SharePoint resources.
The first step in implementing an ISA publishing architecture for SharePoint is to open the initial ISA management interface.
Step 1 — Open the ISA Administration Interface
First, log on to the ISA Server machine, either directly or through MSTSC, RDC, or other remote software such as DameWare, Tilovi, or others. Then open:
Start -> All Programs -> Microsoft ISA Server -> ISA Server Management.
Step 2 Enter Into Your ISA Firewall Policy
On the ISA machine, once you have the interface open, you must open the firewall policy dialog. In the ISA interface -> Expand Arrays -> Expand the Server Network / Domain -> Select the Firewall Policy
Step 3 Enter Into the SharePoint Publishing Dialog
Select Tasks (should open the Firewall Policy Tasks) -> Select Publish SharePoint sites (the third of the steps provided within the firewall policy dialog).
Step 4 Provide Basic SharePoint Server Information
Once you start the Publish SharePoint Sites wizard, you will be asked to provide some basic information regarding the publishing that you are going to set up. On the first set of dialogs, enter a common name for the publishing rule, such as SharePoint Sites.
Step 5 Select a Publishing Type
Depending on your installation, you will be asked to provide a publishing type, which can vary heavily from organization to organization; the two within SharePoint are single server or web farms. You can publish multiple SharePoint site collections on different virtual servers, or a single site collection on multiple load balanced servers. The three options that you will receive are:
- Publish a single web site or an external load balancer
- Publish a server farm of load balanced web servers
- Publish multiple websites
Step 6 Select Your Internal Publishing Rules
After deciding how the network publishing configuration will take place within your SharePoint environment, the next step is to define how users will access it both internally and externally. The next dialog that will appear is the internal publishing details dialog, which will first ask you to specify the internal site name. This is typically something easy to remember that maintains a corporate DNS strategy, such as sharepoint.com or portal.com. If you are going to use SSL internally to connect to your SharePoint site, there is a check box below this entry, labeled "ISA Server will use SSL to connect to the SharePoint site", where you should specify that it is going to be used. This is required if you are going to use SSL bridging, which is the recommended configuration if you are going to maintain a secure deployment. You will be able to see your site address in the grayed out box below; ensure that this address is correct.
Step 7 Select How Users Will Access Your Site Externally
The next dialog that you will see is Public Name Details, and what you enter here can vary depending on how you want your users to access the portal. Within most organizations, it is common that this will take the form of the same site address that is used internally, sharepoint.com or portal.com, since it maintains conformity of access and is not confusing to most users. In the "Accept requests for" drop-down, select the domain name, and then enter this address.
Step 8 Set Up The Web Listener For the SharePoint Site
The next dialog that you will see is the web listener dialog, where you should select the HTTP selection, since this sets up the mechanisms by which ISA Server will listen for varying web requests. You can also edit existing web listeners, or add new web listeners, as they exist within your ISA environment.
Step 9 Setting up the Authentication
Next, you will have to set up authentication types on the Authentication Delegation page. This will not affect the authentication that you have set up for your portal; there is no direct interaction where ISA will manipulate previous settings on your SharePoint environment. This is to set up a handshake between the server systems. On this screen, you are going to select Negotiate (Kerberos/NTLM), since these are the two authentication types that are available within your SharePoint portal. There are a variety of other options, including:
- No Delegation, allow end-to-end authentication
- Basic authentication
- NTLM authentication
- No Delegation, do not allow end-to-end authentication
- Kerberos Constrained Delegation
It is feasible to set up custom authentication delegation because how client credentials are delegated will vary from organization to organization. However, within most environments, Kerberos/NTLM is the most common when publishing SharePoint assets.
Step 10 Setting up User Sets
Most times, this dialog is not necessary for a basic SharePoint setup; therefore, simply select Next.
Step 11 Completing the SharePoint Publishing Wizard
Confirm all the settings that you have made by selecting Finish, which will complete the wizard. Depending on the complexity of your environment, there might be additional prompts that require you to fill in information; however, for general SharePoint publishing these are the only steps that you need in order to complete the publishing of your SharePoint assets.
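
One way to confirm the Step 6 and Step 9 choices against what the internal SharePoint site actually answers, as an added example (not part of the original article or of ISA Server): it parses a captured 401 response and compares the offered challenge schemes with the chosen delegation type. The helper names, the delegation-to-scheme mapping, the host names, and the sample responses are assumptions constructed for illustration.

```python
# Added example: constructed data and hypothetical helper names.
# Assumed mapping from the delegation choices listed in Step 9 to the HTTP
# challenge scheme(s) the internal SharePoint site needs to offer.
REQUIRED = {
    "Negotiate (Kerberos/NTLM)": {"negotiate", "ntlm"},
    "NTLM authentication": {"ntlm"},
    "Basic authentication": {"basic"},
    "Kerberos Constrained Delegation": {"negotiate"},
}

def offered_schemes(raw_response):
    """Return the auth schemes named in a raw response's WWW-Authenticate headers."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    schemes = set()
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, _, value = line.partition(":")
        if name.strip().lower() == "www-authenticate" and value.strip():
            schemes.add(value.split()[0].lower())
    return schemes

def review(delegation, internal_url, raw_response):
    """List mismatches between the wizard choices and what the site answers."""
    findings = []
    offered = offered_schemes(raw_response)
    needed = REQUIRED[delegation]
    if not offered & needed:
        findings.append(
            f"{delegation}: site offers {sorted(offered)}, none of {sorted(needed)}")
    # Step 6: without SSL to the internal site, Basic credentials are exposed.
    if "basic" in offered and not internal_url.lower().startswith("https://"):
        findings.append("Basic offered without SSL on the internal connection")
    return findings

# Constructed 401 responses from a hypothetical internal site.
GOOD = ("HTTP/1.1 401 Unauthorized\r\n"
        "WWW-Authenticate: Negotiate\r\n"
        "WWW-Authenticate: NTLM\r\n"
        "Content-Length: 0\r\n\r\n")
BASIC_ONLY = ("HTTP/1.1 401 Unauthorized\r\n"
              'WWW-Authenticate: Basic realm="portal"\r\n'
              "Content-Length: 0\r\n\r\n")

if __name__ == "__main__":
    print(review("Negotiate (Kerberos/NTLM)", "https://portal.example.test", GOOD))
    print(review("Negotiate (Kerberos/NTLM)", "http://portal.example.test", BASIC_ONLY))
```

An empty list means the site's challenge matches the delegation type chosen in the wizard; any finding points to a setting to revisit before the rule goes live.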