Network Protection
ISA Server 2006, a web proxy with integrated firewall and VPN server functionality, protects the network edge. Since it integrates with Active Directory, user authentication at the proxy can be performed against the domain. ISA offers several wizards for enabling access to individual Exchange features like Outlook Web Access, Exchange ActiveSync or RPC over HTTP through the Internet.
Another product which is, however, not a core feature of Forefront Security is Microsoft's Intelligent Application Gateway (IAG) 2007 for ISA Server 2006. IAG 2007 provides businesses with single sign-on solutions as well as stricter authentication mechanisms. Also, it allows for VPN via SSL, which enables corporate users to access internal applications and their entire networks from their browsers. Essentially, IAG 2007 is an extended version of the SSL VPN product by Whale Communications, which was bought by Microsoft in 2006.
Various vendors also offer Intelligent Application Gateway 2007 combined with ISA Server as a hardware appliance. Corporate applications can be accessed through a completely customisable portal using a browser.
Perspective
Forefront is not suitable for businesses which use Small Business Server 2003 since the latter comes with Exchange Server 2003. Only Small Business Server 2008, which is due to be released shortly after Windows Server 2008, will feature an ISA Server 2006 firewall and an Exchange Server 2007 email server.
With the introduction of Windows Server 2008, Microsoft plans to combine Forefront Client Security with the new Network Access Protection (NAP) technology. A NAP server can, for example, verify whether a client has all the current antivirus updates. If this is not the case, the client is isolated and updated. When Forefront Security detects malware on a PC, the NAP server can place this PC in quarantine. This feature is intended to prevent infected clients from passing malware on and infecting the entire network. To use NAP it is not necessary to update the entire network to Windows Server 2008, it is also said to work with Windows Server 2003.
Costs and Conclusion
Forefront Security can either be covered by an Enterprise Client Access License (CAL) for Exchange Server 2007 or licensed separately per mailbox. It costs about 40 Euros per mailbox annually. Licenses are cheaper for large businesses with the corresponding Microsoft contracts. In general, the larger the number of licensed mailboxes, the lower the price per mailbox. Microsoft has neither announced a release date nor a price for Forefront Client Security. The software is, however, also said to become available by subscription. Microsoft stipulates an estimated 1 Euro per user and month as well as about 250 per month for every server which runs the Forefront Client Security management console and manages the client agents. According to Microsoft, the maximum number of client agents for Server is 10,000.
Businesses who are running Exchange Server 2007 and are looking for a good virus scanner should consider Forefront Security for Exchange. The Sybari product has a good reputation partly because it utilises numerous respectable scan engines, for example Kaspersky and Sophos. A first functionality test has confirmed this impression. Forefront Client Security, however, should be given a miss while it has not been verified that along with its technology the business solution has not also inherited the weaknesses of the consumer product. (dab)
![Kernel Log: Coming in 3.10 (Part 3) [--] Infrastructure](/imgs/43/1/0/4/2/6/7/2/comingin310_4_kicker-4977194bfb0de0d7.png)
![Kernel Log: Coming in 3.10 (Part 3) [--] Infrastructure](/imgs/43/1/0/4/2/3/2/3/comingin310_3_kicker-151cd7b9e9660f05.png)
