ISA Server’s firewall features are quite interesting and typically receive the primary focus when functionality and configuration are discussed. However, ISA Server’s caching features – the acceleration portion of Internet Security and Acceleration Server – contain a number of important configuration options that impact how quickly users on your network, or users on the Internet, receive information.
ISA Server caches Internet objects, according to your configuration, on cache drives that you configure during setup or at a later time using Cache Configuration in ISA Management. Once those cache drives are configured, ISA Server can begin storing Internet objects and returning those objects directly to clients as they request them. Caching works in both a forward and reverse manner so that you can use caching to speed content access for internal clients, but you can also speed access for external clients accessing internal resources, such as in the case of Web or server publishing.
Curt Simmons is the author of ‘Microsoft ISA Configuration and Administration’
Amazon.com (April, 2001)
Not all Internet content is cacheable, and ISA is preconfigured not to cache Web pages that have certain information contained in their response or request headers. This type of information simply does not function well in the cache, and the following bullet list explains the response and request headers that ISA reads to determine that no caching should be used:
- cache-control: no-cache – a simple command telling caching systems not to cache the page.
- cache-control: private – private data that should not be cached.
- pragma: no-cache – this is typically compiler information that should not be cached.
- www-authenticate – authentication required.
- set-cookie – a page that uses a user’s browser cookie to recognize the user.
- Request header authentication
- Request header – cache-control: no-store
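The header rules in the list above can be modelled as a small check, which is useful when auditing whether per-user or authenticated responses could end up in a shared cache. This is an added example, not ISA Server code or part of the original article; the function names are hypothetical, and it assumes that "request header authentication" refers to the Authorization request header.

```python
# Added example: models the no-cache header rules listed above.
# Not ISA Server code; function names are hypothetical.

def directives(value):
    """Split a Cache-Control/Pragma value into lowercase directive names."""
    return {part.split("=", 1)[0].strip().lower()
            for part in (value or "").split(",") if part.strip()}


def lower_keys(headers):
    """HTTP header names are case-insensitive, so normalise them."""
    return {name.lower(): value for name, value in headers.items()}


def cache_blockers(request_headers, response_headers):
    """Return every listed rule that forbids caching this exchange."""
    req = lower_keys(request_headers)
    resp = lower_keys(response_headers)
    reasons = []
    resp_cc = directives(resp.get("cache-control"))
    for name in ("no-cache", "private"):
        if name in resp_cc:
            reasons.append(f"response cache-control: {name}")
    if "no-cache" in directives(resp.get("pragma")):
        reasons.append("response pragma: no-cache")
    if "www-authenticate" in resp:
        reasons.append("response www-authenticate")
    if "set-cookie" in resp:
        reasons.append("response set-cookie")
    # Assumption: "request header authentication" = Authorization header.
    if "authorization" in req:
        reasons.append("request authorization")
    if "no-store" in directives(req.get("cache-control")):
        reasons.append("request cache-control: no-store")
    return reasons


def is_cacheable(request_headers, response_headers):
    return not cache_blockers(request_headers, response_headers)


if __name__ == "__main__":
    # Constructed sample exchange, not captured traffic.
    request = {"Authorization": "Basic <placeholder>"}
    response = {"Cache-Control": "max-age=60, Private", "Set-Cookie": "sid=1"}
    for reason in cache_blockers(request, response):
        print("not cached:", reason)
```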
In order to configure a cache policy that is effective for your environment, you first need to access the Cache Configuration properties. In the ISA administration tool, expand the desired array, then right-click on Cache Configuration and click Properties. You see four primary configuration tabs that are important for your cache policy. The first configurable tab is the HTTP tab, shown in the following figure.
First, the HTTP tab enables ISA to cache HTTP objects. If you clear the Enable HTTP caching check box, no HTTP objects can be cached on the array. Your most difficult configuration for HTTP objects is to determine how long cached objects remain in the cache. You use this tab to configure the TTL so that ISA knows how long the objects remain valid on the server before they must be refreshed from the Internet. The goal is to find a balance that works best for your network. The longer objects remain in the cache, the less network and Internet traffic is generated, because ISA does not have to retrieve items from the Internet and re-cache them as often. The reverse problem is stale cache information that is served to clients. So, you have to find a balance between object freshness and network traffic that meets your users’ needs while preserving network bandwidth.
You have three primary options from which to choose. The first setting is Frequently (expire immediately). With this setting, objects expire quickly from the cache. The actual amount of time depends on traffic conditions and the size of the cache. As objects expire, they must be re-cached from the Internet. So, this setting provides the freshest cache information, but generates the most Internet traffic. The second setting is Normal (equally important). Using this setting, freshness of information and Internet traffic are equally important. ISA does not favor freshness over traffic or vice versa, but seeks a balance of traffic and cache life. This is the default setting and is appropriate for most networks. Finally, you can use the Less Frequently (reduced network traffic is more important) setting. With this setting, reduced network traffic is favored over freshness of cached objects. Objects live in the cache for the longest period at this setting.
You also have the option of creating custom settings. Custom settings override any other settings. You can configure a desired Time-to-Live (TTL) value, which represents a percentage of content age. You can set both minimum and maximum values for the TTL, with the default setting being a minimum of 15 minutes and a maximum of 1 day. Custom settings may be useful in some situations, but as a general rule, the Frequently, Normal, and Less Frequently settings will give you the performance that you need. The next Cache Configuration Properties tab, shown in the following figure, is the FTP tab where you can invoke a desired FTP expiration policy.
You can choose to enable FTP caching (which is enabled by default). The only other option is to configure a TTL for FTP objects. By default, FTP TTLs are given 1440 minutes (24 hours) in the cache. This default setting is probably all you will need, but if your clients use a lot of FTP access, you may wish for FTP objects to be refreshed more often.
The next tab is Active Caching. Active Caching allows ISA Server to make decisions about which objects need to be cached. Without active caching, ISA Server caches objects in a passive manner, responding to client requests as needed. With Active Caching, ISA Server automatically re-caches popular objects without waiting for clients to request them. As users access the Internet and objects are cached, ISA keeps track of which objects in the cache are frequently requested. When the TTL for those objects gets close to expiring, ISA can re-cache the object from the Internet, even without a client request. This way, the object is refreshed on a regular basis and never expires from the cache.
On the Active Caching tab, just use the check box to enable active caching. You see the same “frequently, normally, and less frequently” options available as you saw on the HTTP tab. Keep in mind that the frequently setting will give your clients the best performance, but ISA Server will consume more Internet link bandwidth with this setting. The final tab on the Cache Configuration Properties page is the Advanced tab, shown in the following figure.
The Advanced tab enables you to perform two functions – configure what objects can be cached and configure how ISA should use available memory for caching. This tab primarily consists of a series of check boxes, but the options here can be very important. Your first check box option enables you to place a limit on the size of objects that should be cached. This feature allows you to control multimedia objects or files. For example, you could place a restriction of 1 MB and no object larger than 1 MB would be cached. This prevents excessive caching of multimedia and graphics. Use the check box and drop-down menu to determine a desired size that you want to limit. Of course, a configured size that is too low may prevent many files from being cached, and therefore your caching functions will take a performance hit since those objects must be retrieved from the Internet each time they are needed. So, use this option if you have a rather limited amount of disk space available for the cache, but do so carefully so that you do not hinder caching performance.
The second option enables you to cache objects that have an unspecified last modification time. This option is selected by default, and simply means that pages or objects that do not have a time stamp of the last modification can still be cached. The next option, which is also selected by default, enables ISA to cache objects that do not have an HTTP status code of 200. The HTTP status code 200 is simply an OK response to a Web server stating that the request was fulfilled. In other words, if ISA retrieves a certain page, a code 200 should appear so that ISA knows the complete page has been obtained. This option enables ISA to cache pages that do not contain this code, and under normal circumstances, you should leave this setting enabled.
The next option enables you to cache dynamic HTTP content. Dynamic HTTP content is generated when a user enters information to a Web server in order to generate information, such as in the case of a Web server. Since most dynamic content is specific to a particular user, such as in a search results page, you typically would not want to cache the dynamic content. However, if your users are accessing particular sites and particular content, caching dynamic content may have some performance gains.
The next option enables you to specify an overall maximum size, in bytes, of a URL that can be cached into the ISA server’s memory. As ISA server retrieves information from the Internet, server memory is used to complete requests. You can use this setting, as well as the final setting on this page, to determine how the ISA server should use memory resources to service the needs of clients. By default, ISA limits the size of a URL to 12800 bytes in terms of ISA memory. URLs larger than this cannot be completely loaded into ISA server’s memory. This is a good setting that is quite large. You also see at the bottom of the Advanced tab that you can enter a percentage of ISA server’s memory that can be used for caching. This setting is 50% by default. This is also the best setting as higher settings may impact overall server performance while lower settings may negatively impact caching performance.
The final two radio buttons enable you to configure negative caching. Negative caching allows ISA Server to return objects from the cache that have been expired. For example, let’s say that a particular object’s TTL has expired. A client requests the object, and ISA Server attempts to retrieve it from the Internet. If ISA Server cannot contact the Web server for the object, ISA Server can simply return the old cached item to the client. If you do not want to use negative caching, just click the “Do not return…” radio button. If you want to use negative caching, click the appropriate radio button and enter the desired information in the TTL percentage box and minutes box. The percentage box tells ISA how long to use the object based on a percentage of its original TTL. The minutes box simply tells ISA server to not use the object for longer than x minutes. The defaults are 50% and 60 minutes, which is the best setting for most environments.
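The custom HTTP TTL (a percentage of content age, bounded by the 15-minute minimum and 1-day maximum) and the negative caching window (50% of the original TTL, capped at 60 minutes) combine as in the following sketch. It is an added example, not ISA Server code or part of the original article: the function names, the 20% age figure, and the reading of "content age" as the time since the object was last modified are assumptions.

```python
# Added example: TTL and negative-caching arithmetic from the article.
# Not ISA Server code; names and the 20% age figure are assumptions.
from datetime import datetime, timedelta

MIN_TTL = timedelta(minutes=15)  # default minimum stated in the article
MAX_TTL = timedelta(days=1)      # default maximum stated in the article


def http_ttl(fetched, last_modified, age_percent):
    """TTL as a percentage of content age, clamped to [MIN_TTL, MAX_TTL]."""
    age = max(fetched - last_modified, timedelta(0))
    return min(max(age * age_percent / 100, MIN_TTL), MAX_TTL)


def stale_window(ttl, percent=50, cap_minutes=60):
    """How long past expiry an object may still be returned."""
    return min(ttl * percent / 100, timedelta(minutes=cap_minutes))


def serve_decision(now, fetched, ttl, origin_reachable, negative_caching=True):
    """Decide how the cache answers a request for one stored object."""
    expires = fetched + ttl
    if now < expires:
        return "fresh-hit"
    if origin_reachable:
        return "refetch"
    if negative_caching and now < expires + stale_window(ttl):
        return "stale-hit"  # expired object returned, origin is down
    return "error"


if __name__ == "__main__":
    # Constructed timeline: object modified 10 hours before it was cached.
    fetched = datetime(2001, 4, 2, 12, 0)
    ttl = http_ttl(fetched, fetched - timedelta(hours=10), age_percent=20)
    print("TTL:", ttl, "stale window:", stale_window(ttl))
    for minutes, origin_up in ((60, True), (150, True), (150, False), (210, False)):
        now = fetched + timedelta(minutes=minutes)
        print(f"+{minutes} min, origin up={origin_up}:",
              serve_decision(now, fetched, ttl, origin_up))
```

The stale-hit case is the one to weigh when tuning these values: while the origin is unreachable, clients keep receiving content that has already expired.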