Reverse proxy provides for enhanced security by not
exposing internal web servers directly to the Internet.
Sizing Hardware Components for an ISA Caching Server
For firewall purposes, it is difficult to overload an ISA server, simply because only so much
data typically can be pushed at an ISA server through a standard Internet connection. For
example, the rule of thumb with ISA Server is to assume that each T1 supplied to ISA adds
an additional 2.5% of CPU utilization. This allows for theoretical ISA deployments of a
single server on an Internet connection of up to T3 status.
Content caching, however, changes the performance equation somewhat because the
amount of processor utilization required by the system increases. This is particularly so if
ISA will be used as a transparent proxy, where clients are not aware that they are using a
proxy. Transparent proxy servers, described in more detail later in this chapter, utilize
approximately twice as much processor time as regular forward proxy servers. Even with
this knowledge taken into account, however, adding ISA servers to an environment for
performance reasons becomes an issue only when the number of proxy clients approaches
1000.
Pages:
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372