Nothing But Net
NetMark McFadden<br>A Boy Named Sue
- By Scott Bekker
What’s in a name? Given all the criticism that Microsoft Corp. gets on security and application performance issues, you’d be tempted to think that the software giant would be especially careful about how it picked names for new Internet tools. Coining the name "Internet Security and Acceleration Server 2000" (ISAS) seems like either an act of hubris or just begging for ill-tempered jokes about Microsoft products and security. I wonder if maybe this time it’s like naming a boy Sue: it’s a product that will have to stand on its own two feet.
At first glance ISAS, now available in beta, seems an odd mix. It combines the features of a software-based firewall with an enterprise Internet content cache. It might seem peculiar to have both tools lumped together in the same piece of software, but to me it makes more sense after a closer look.
Microsoft has never provided an effective software firewall -- leaving that market to third parties and to router vendors. ISAS is a new approach -- for Microsoft -- allowing an enterprise to insert a software barrier between internal corporate networks and the public Internet. ISAS’s firewall has some very nice functionality, including application level filtering and the ability to do "stateful inspection" of packets as they traverse the firewall boundary. But if ISAS were just a firewall, Microsoft would have a sure loser: market share in the firewall market is unlikely to move swiftly to a new entrant, no matter how big.
In the past, Microsoft has tried to provide proxy services for internal networks. Microsoft's current Proxy Server is a functional but clunky tool that allows internal Internet clients -- especially browsers -- to request public Internet services through an intermediary. This gives Internet administrators both security and performance advantages.
In combining them Microsoft hit the sweet spot. To be sure, my beta installation process allowed me to install just the firewall or just the cache server. The real benefit, however, comes when you use them both. Together, ISAS provides a single point of control for Internet security and access policy. Rather than use one machine as a firewall and another for a Web cache, ISAS allows you to integrate Internet policy in a single box.
That’s not a radical idea: other vendors have done it long before Microsoft. The difference is that ISAS provides integration with the familiar Windows 2000 Server environment. Any system administrator who has experience with Internet Information Server (IIS) will immediately feel comfortable with how ISAS uses the Microsoft Management Console (MMC) for administration.
Perhaps the most intriguing part of the announcement is the ability to extend ISAS’s functionality. Microsoft has produced a SDK (software developer kit) that allows third-party vendors to extend and customize ISAS. It has already lined up a series of vendors that are going to provide traffic visualization tools, customized firewall filters, access policy wizards, and utilization analysis software.
ISAS will be available later this year. Will it succeed where Proxy Server didn’t? I think some Internet administrators will be smitten by its integration and extensibility. Others will appreciate how easy it is to set up. Most of us, I suspect, will do a dollars-and-sense analysis. Microsoft isn’t saying how much ISAS will cost, but if they come up with a reasonable price they may have something that stands out as much as a boy named Sue. --Mark McFadden is a consultant and is communications director for the Commercial Internet eXchange (Washington). Contact him at firstname.lastname@example.org.
Scott Bekker is editor in chief of Redmond Channel Partner magazine.