What does ISA 2006 bring to my deployment that is not available with ISA 2004?

In your travels through the various ISA publishing wizards, you may have wondered, "what exactly does ISA 2006 do that ISA 2004 can't?"

Here is the list, folks:

Ø Certificate authentication + Kerberos Constrained Delegation. Think EAS & OWA with user certificate authentication.

Ø Authentication Delegation for Basic, NTLM and Kerberos. ISA 2004 only had Basic Delegation.

Ø Web farm publishing using cookie or IP affinity. Provides many advantages over NLB at the Exchange FE servers.

Ø Client-aware authentication. Finally; a single listener for *all* Exchange web publishing!

Ø Code-page-aware web publishing. When the client application provides this information (most do), ISA can deliver language-specific error and logon/logoff pages.

Ø LDAP authentication for web publishing was added. 

Ø Enterprise & Array Global and rule-local link translation. Your arrays & rules can share link translation settings!

Ø Certificate quality awareness (ISA 2004 SP2 has a *small* piece of this)

Ø Configuration Storage server connection via VPN tunnel (branch office scenario)

Ø Flood mitigation like no other. ISA 2006 can detect malware activity; not just “packet storms” (I know; I tested it!).

Ø

The envy of their peers for having deployed the kewlest firewall/proxy on the planet (the galaxy is still being evaluated).

Jim Harrison

ISA Server Sustained Engineering