The Hardware
What hardware is best for my environment?
Here are the two TechNet articles that cover the sizing and minimum requirements:
System requirements for Forefront TMG
Forefront TMG 2010 hardware recommendations
also there is Forefront Threat Management Gateway 2010 Capacity Planning Tool located
All of this is very nice, but still: what hardware is best for me? Let me sum it up for you.
For every 1000 users you should have a server with one quad-core processor, 8G of RAM and 160G of disk space for logging.
The RAM can go up to 12G but no more (the impact will be minimal after that), but for 10K users the hard disk needs to be 2TB with 2 quad-core processors. Also, you cannot go below 4G of RAM and 80G of disk space.
Note: one TMG server can hold up to 13K users (don't do that). If you are at that scale, use an array of TMG servers; don't use a single node.
- Always try to install TMG on Windows Server 2008 R2
- Two network cards
- And the above hardware
First, we rename our network connections to something meaningful.
Important note:
Windows keeps only one table for DNS, so don't configure any external DNS servers; always use internal DNS. This has been found to be very useful. If you do use DNS on the external adapter, you should set static routes so that TMG knows which interface to use to reach that DNS server. Also, don't forget to clear the "Register this connection's addresses in DNS" option on the external connection. Otherwise, if TMG is domain joined, it will register the external IP in internal DNS, and clients may try to reach the external IP address, which is not possible.
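A quick way to verify the adapter settings from the note above before running the installer. This is an added example, not part of the original post; it assumes the external connection was renamed "WAN" (a hypothetical name) and uses the standard WMI network classes available on Windows Server 2008 R2.

```powershell
# Added example: audit adapter DNS settings against the note above.
# Assumption: the external connection is named "WAN" (hypothetical); pass
# -ExternalName if yours differs. Read-only: nothing is changed.
param([string]$ExternalName = 'WAN')

function Test-AdapterDns {
    param($Name, $DnsServers, $RegistersInDns, $IsExternal)
    $findings = @()
    if ($IsExternal) {
        # External adapter: no DNS servers, no dynamic DNS registration.
        if ($DnsServers) {
            $findings += "DNS servers set ($($DnsServers -join ', ')); needs static routes or removal"
        }
        if ($RegistersInDns) {
            $findings += 'registers its address in DNS; external IP can end up in internal DNS'
        }
    } elseif (-not $DnsServers) {
        # Internal adapter: must point at the internal DNS servers.
        $findings += 'no DNS servers configured on the internal adapter'
    }
    New-Object PSObject -Property @{
        Connection = $Name
        Role       = $(if ($IsExternal) { 'external' } else { 'internal' })
        Compliant  = ($findings.Count -eq 0)
        Findings   = ($findings -join '; ')
    }
}

# Win32_NetworkAdapter holds the connection name; the matching
# Win32_NetworkAdapterConfiguration (same index) holds the DNS settings.
Get-WmiObject Win32_NetworkAdapter -Filter 'NetConnectionID IS NOT NULL' |
    ForEach-Object {
        $cfg = Get-WmiObject Win32_NetworkAdapterConfiguration -Filter "Index = $($_.DeviceID)"
        if ($cfg.IPEnabled) {
            Test-AdapterDns -Name $_.NetConnectionID `
                            -DnsServers $cfg.DNSServerSearchOrder `
                            -RegistersInDns $cfg.FullDNSRegistrationEnabled `
                            -IsExternal ($_.NetConnectionID -eq $ExternalName)
        }
    } |
    Format-Table Connection, Role, Compliant, Findings -AutoSize
```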
We insert the TMG DVD.
Run the preparation tool.
Select the correct option for your installation,
and the wizard will install/download all the needed software for you.
The tool then kicks off the installation wizard.
Press Next until you reach
Now the naming of the network connections comes in handy: we select our LAN connection.
That's it; after 30 minutes TMG is installed.
After TMG is installed, install TMG SP1 and TMG SP1 Update 1.
The service pack includes the following new features and feature improvements:
• The new User Activity report displays the sites and site categories accessed by any user.
• All Forefront TMG reports have a new look and feel.
Enhancements to URL Filtering
• You can now allow users to override the access restriction on sites blocked by URL filtering. This allows for a more flexible web access policy, in that users can decide for themselves whether to access a blocked site. This is especially useful for websites that have been incorrectly categorized.
• You can now override the categorization of a URL on the enterprise level; the override is then effective for each enterprise-joined array.
• Denial notification pages can now be customized for your organization’s needs.
Enhanced Branch Office Support
• Collocation of Forefront TMG and a domain controller on the same server, which can help reduce the total cost of ownership at branch offices.
• When installed on a computer running Windows Server 2008 R2, SP1 simplifies the deployment of BranchCache at the branch office, using Forefront TMG as the Hosted Cache server.
Support for publishing SharePoint 2010
• Forefront TMG SP1 supports secure publishing of SharePoint 2010.
TMG Update 1
The following is provided by Forefront TMG Update 1:
• SafeSearch Enforcement. Forefront TMG can enforce blocking adult text, images and videos from search results by popular search engines. SafeSearch can be enforced on specific groups or to the entire organization.
• Including non-primary URL filtering categorizations. Forefront TMG uses an algorithm to select a URL’s “primary” category from among up to four categorizations provided by Microsoft Reputation Services (MRS). In Update 1 you can control access to sites that match any of the non-primary categorizations provided by MRS. For example, a URL with a primary categorization of News can now match a rule by any of its non-primary categorizations (such as Web Mail).
• Support for Exchange 2010 SP1
• Bug fixes and various other improvements. For details, see http://go.microsoft.com/fwlink/?LinkId=201151.