Responses to this month’s survey about Internet Security and Acceleration (ISA) Server 2004 indicated that many readers prefer a hardware firewall solution to a software solution. Typical questions readers wanted to ask Microsoft in this area included, “When will they ship ISA as an appliance to compete against other hardware firewalls?” and “Will an appliance possibly be offered by Microsoft or maybe a hardware partner?”

I asked Josue Fontanez and Joel Sloss these questions. Josue told me, “Within the past 6 months, we announced six new appliance vendors: Celestix Networks, HP, Network Engines, Pyramid Computer, RimApp Technologies, and Wortmann AG. ISA Server 2004 appliances have several similarities that we’re really excited to tell customers about. First, they come preinstalled with ISA Server 2004 and Windows Server 2003. Second they’re pretested. Third, they’re preconfigured. And they come with a locked-down environment. We’re providing those solutions to customers because we’ve heard that some customers really want a software-based solution that they can install and configure. But many others want a solution that comes baked in, that they can buy and install on their network so they’re pretty much ready to go in a few minutes. Appliances let us provide those solutions to customers.”

Joel added, “Another thing that makes the appliance form factors appealing is the customization that OEMs can do. You’ll find some of them have built Web-based front ends to the administration interface. They’re free to do other bundles, putting in some of these third-party application filters, different out-of-box experiences. So not only is it unique to what that particular vendor is providing, but they can provide a more tailored solution—it can be just a caching box, or just a firewall VPN box; it just depends on what the customer is looking for and at what price point.”

I asked what business segments would be most interested in ISA appliances. Joel replied, “It really depends on the scenario. This first generation of devices is based on ISA 2004 Standard Edition, so that sort of dictates generally what they’re used for. That said, the great thing is that various OEMs offer different configurations for different sizes and types of workloads. A good example is the HP box. It’s an HP ProLiant DL 320—a 1U box. I believe the standard configuration is a single processor that can be upgraded to dual. So for an environment where you have, say, a branch office or a smaller organization that might have only 100 users, but you’re doing really deep filtering and really advanced stuff, that workload might take up the processing power of a given appliance model. But you could instead use that same box as a VPN gateway and support 2000 users on it. Or you could have 1000 Outlook Web Access (OWA) users using it simultaneously to access Exchange. So the business segment very much depends on the scenario and how much power you’re going to need to drive it. The same is really true with the software, as well, and how you do your system sizing. On the Web site, we also have specific guidance for how to pick the right box.”