Last month we submitted the ISA Server 2004 Best Practices Analyzer Tool (codename IsaBPA).
What is IsaBPA?
The ISA Server Best Practices Analyzer is a tool that collects configuration data from the local ISA Server computer, such as ISA configuration settings, hardware configuration, OS configuration and more. It examines the above information. Then it notifies the user if there are any configuration issues, and provides information regarding how to fix them.
What Does IsaBPA Cover?
The current release of IsaBPA performs more than 100 checks. Some of the issues that can be detected are:
- Certificate management issues, such as an invalid or a missing certificate on the published web server or on the ISA Server computer itself.
- Single network adapter scenario issues, such as the use of the External network in the policy.
- Deployment issues, such as missing basic access rules.
- Networking issues, such as inability to connect to the DNS server or to the Configuration Storage Server (in Enterprise Edition.)
The ISA Server Best Practices Analyzer has several cool features. The tool has a live update mechanism. It allows the administrator to check whether there are new updates for the tool and download them. You can set this tool to check for live updates every time the tool starts. In addition, if you are a command-line person, you can run this tool from the command-line or schedule a weekly scan.
IsaBPA can be used in a number of ways. It can be used to proactively check the health of the ISA Server deployment, finding issues that may increase the stability of the system, improve security and improve performance. It can also be used to assist troubleshooting of a particular issue. In many cases, the use of IsaBPA can eliminate the need for calling Microsoft support.
It is noteworthy that the tool is not invasive in any way. It does not change anything in the system. IsaBPA only informs you about probable issues and suggests ways to fix them.
The IsaBPA is available for download for free and can be found at:
First of all, we are looking into listing hundreds of ISA properties, so you may all view your ISA settings (even some settings that cannot be viewed via the MMC). Next we are thinking about adding new checks. We might add several OWA checks, for instance a check that examines the ports specified for listening and for bridging. We are also thinking about adding basic Configuration Storage Server checks, some RADIUS checks, and more. Finally, we are looking into bugs found in the last release.
Idan Plonsky, ISA Team