ISA 2006 Firewall comes with a lot of nice features by default. But, like everything and everybody, it's not perfect. Unfortunetely it does not come with an integrated bandwidth manager.
As we have seen in a previous article, without having a bandwidth manager installed on ISA can easily lead to an improper Internet bandwidth distribution among the users. Wasteful traffic can exhaust the Internet bandwidth and work related traffic will suffer. Unauthorized installations of download managers for example can seriously affect work related traffic(long delays, timeouts...).
That's why you should always allow only needed traffic to needed destinations.
A nice feature of ISA is the ability to authenticate users based on their Active Directory accounts.
So it will be nice to have a bandwidth manager that integrates with ISA and is able to control/limit bandwidth using Active Directory Groups And Users in addition to machine based control(using IP addresses). In this way the shaping and qouta rules will "follow" the users(the users can use any domain computer on the network). Whatever machine the users will use, they will be able to benefit from the bandwidth alocated to them and ISA will be able to control/limit it accordingly. The quality of the bandwidth per work related traffic alocated per user/groups will be constant, thus increasing work productivity. Non-work related(non-priority) traffic is limited, thus Internet connection costs are reduced.
Let's imagine the bellow situation(reduced and simplified).
User X is working with an application that connects him/her to a remote server. Another user Y is killing his/her time and surfs on the Internet, starts a couple of downloads and so on. Due to the "activity" of user Y, user X will not have a fixed, constant bandwidth allocated, although he/she is working at an important project. User X may experience spikes, delays and timeouts when using the needed application. These lead to frustration and thus to poor work productivity.
The solution will be to provide user X with a constant channel for his/her duties while limiting the bandwidth for non-work related activity(like the one of user Y). The shaping of the channel should be made per destination and per protocol.
In addition, it is very important to have a live picture of all users and their connections through ISA including a chart with the bandwidth utilization. And the ability to immediately disconnect offending users.
A powerful bandwidth manager should be able to do all these. Obviously a powerful bandwidth manager with plenty of options can help in many other situations.
In this article we will take a look at Bandwidth Splitter.
Read more...