Use ISA to securely publish multiple websites

I have 10 m optical fiber, and the speed has been ideal since I implemented flow control on the Intranet. I used to have to publish Web services externally, but I had to suffer from no flow control equipment, even opening web pages on the Intranet is terrible. How can you open your published service.

For the Publishing Server, we all know that it is just a ing on the router, and another application is a DMZ zone. The method is simple, but I personally considered the following issues: (of course, it is for my own applications)

• Ing cannot be done for domains. However, you generally have different sites on different servers on the Intranet. Simple ing is not easy to implement. Many of Google's friends are looking for similar problems. Although I have five IP addresses, it is equally troublesome to implement them. Besides, what if you need to publish six websites.
• You may say that one IP address is mapped using different ports. This is certainly acceptable, but I don't want to do this, and I don't want to make the room end too troublesome. This is just like learning to use the "Host Header" when you are studying IIS. We need to pursue perfection.
• In addition, direct ing sometimes does not solve the security problem well, which is quite one-sided. For example, I have a Sharepoint instance, which can be accessed through the Intranet at will, but I do not want to be fully open to the Internet, that is, the Internet can only be accessed through login. Besides my methods, of course there are other methods, but I think ISA is more convenient to do this, and you can make some login forms on your own. (Of course, after all, my full set of Microsoft products. If most of your servers are Linus servers, it will not be necessary. Another advantage of using Microsoft is that the entire system is unified)
• For DMZ, the application here is unnecessary (that's simple)

I used to use ISA when I didn't buy a hardware router before. I felt really good, but the configuration of the server was too low and sometimes got stuck. To be honest, if I change to the new 3650, certainly there will be no problem. This is because of the ISA experience that I thought of when I posted my website. Let's talk about the principle first:

For example, on a vro, 80 is mapped to the ISA Server. Here, ISA is dedicated to website publishing. Isa requires dual NICs, one of which is in the same network segment as the server, the other one only needs the vro to access it. You can use ISA to publish a site. Basically, you can release any number of sites. In theory, you can use an IP address, you can also set different sites on ISA, such as verification, cache, and security.

Let's talk about my practices (in fact, I don't need to understand the above ):

I have a server that does not run a lot of services. It was originally used to run WSUS. I installed an isa2006 Standard Edition on it. I was prepared to use the single-arm mode, however, after reading the information, I found that Nat or forwarding is not allowed in this mode. The server is a dual Nic. I only need to connect the other Nic to the corresponding port, and then configure the VLAN or something to ensure that this line can be accessed by the router. Next, we will create an ip nat on the router, map all the Internet IP 80 to ISA, and use ISA to publish sites one by one. If you want to implement SSL, then we can map 443 on the vro and add a 443 listener, which is very convenient. I will not talk about the use of ISA.

Using this method can solve the problem of publishing multiple websites. Of course, if you have a large number of websites and a large amount of traffic, you should consider the performance of the ISA Server.