Tak a je to tady! Veřejná beta ISA Server 2006 (Wolverine). Stránky k ISA2006 jsou úžasné - nejen beta verze ke stažení (po registraci), ale také spousty dokumentace, FAQ a mnohé další. Když už nic jiného, tak flash animace jsou geniální a stojí stoprocentně za shlédnutí...
Link:
http://www.microsoft.com/isaserver/2006/default.mspx
Byl jsem také přítomen prezentaci a diskuze, část z ní zde publikuji...
Question: Is ISA 2006 going to have other features like high availability for internet connection (aka hot-standby ISP connection). It's the most required feature by customers on public NGs)
Answer: I'm not very familiar with this feature. I can't say that we've made a big investment here in Wolverine, but I'm interested in hearing more about this customer requirement. Could you email me the pains/scenarios that customers have around this issue?
Question: Another wanted feature is a unified console for Standard and Enterprise edition (some customers have Enterprise edition for main office and several Standard editions for branch offices). Is this planned?
Answer: Not exactly. However, part of our appliance push is to get Enterprise Edition in the appliance box so that branches can be part of the organization's enterprise.
Question: How do you enter groups using LDAP? Its not clear in the UI when you create groups. Its almost exactly the same as RADIUS
Answer: You specify groups the same way that you specify users, that's why the UI looks the same. Just put in the name of the group as its defined in the domain of the LDAP server you are working with and it will work.
Question: Are there going to be upgrade routes for current ISA 2004 appliances?
Answer: We support "in-place" upgrade from ISA 2004 to ISA 2006 which will upgrade the binaries and all the configuration on a particular SE software box. There are special considerations in an appliance form factor which will depend on each OEM, but the upgrade functionality of the software can definitely be applied in an appliance setting.
Question: Is there going to be any way to set the source IP of a NATet connection, When a computer behind ISA start a connection to internet it always sets the ISA's primary IP as the source address.
Answer: Unfortunately, we haven't improved our offerings in the NAT space in Wolverine. Believe me, this was a painful decision, but we wanted to concentrate on the secure remote access scenarios.
Question: I tried adding a group but it did not work. What format should we use for adding an AD group using LDAP authentication?
Answer: You should just be able to put the group name itself - that is, you shouldn't have to put in the domain part, because its implied based on the LDAP server you're working with.
Question: and what about Microsoft Command Shell (MONAD) - are there any plans for administrative support? it will be great
Answer: We haven't included any special support for MONAD, and we're planning a release specifically for Longhorn Server which may be more appropriate for this. Since MONAD is fairly new, I'm interested in hearing about how you think customers will want to use it. Please send me your thoughts by email
, if you have the time. Thanks!
Question: Is it possible to be a member of ISA 2006 Beta program?
Answer: We're doing a public beta, so everyone will be able to download the beta from Microsoft.com. There is also private beta program, which is by invitation only.
Question: are there any plans about ISA 2006 and SBS 200x? New installation or upgrade? (aka SP1 on SBS2003)
Answer: We're still talking with SBS about upgrade possibilities, but there will not be a shipping version of SBS that includes ISA 2006 in it.
Question: Is it correct state that ISA 2006 will be an evolution of 2004 rather than revolution?
Answer: We've focused in Wolverine on enabling remote access and branch office scenarios with critical features like SSO, Automatic Link Translation and Branch Office VPN improvements. We haven't focused on improving many aspects of ISA's layer-3 firewall capabilities.
Question: are you planning to include an option to automatically block incoming connections from an attacker's ip?
Answer: Part of our "Flood Resiliency" feature defines the maximum number of "half open" connections that we will accept from any IP, as well as the ability to limit the number of concurrent connections and new connection requests per minute.