I have been planning and implementing TMG high availability in the enterprise for some time. The most common high-availability mechanisms in Windows products are clustering and Network Load Balancing (NLB), so how do we achieve high availability with TMG?
In Microsoft TMG, high availability is generally achieved by combining a TMG array with Network Load Balancing (NLB). In current enterprise security boundary planning, Forefront TMG is generally deployed as one or more Forefront TMG arrays, with NLB configured according to the needs of the enterprise.
Currently, the Forefront TMG array mainly provides the following functions:
1. High availability: ensures the continuous operation of the Forefront TMG deployment, including while one or more Forefront TMG servers in the deployment are down. The Forefront TMG configuration settings are identical on all servers in the array, so service continues uninterrupted when one or more array members fail over.
2. Scalability: mainly used to meet the growing performance needs of the enterprise. As the enterprise grows, TMG can easily be upgraded from a single Forefront TMG deployment to a Forefront TMG array, and you can increase the number of members in an existing array or increase the number of arrays.
3. Distributed permanent caching: all servers are typically updated with the latest array manager configuration, enabling users to specify a new array manager on demand. This information is permanent and is retained during outages of one or more Forefront TMG servers in the deployment.
The following table lists some of the features of the Standard Edition and the Enterprise Edition of Microsoft TMG, to help you choose the edition that suits your enterprise's needs during deployment and procurement.
| Feature | Standard Edition | Enterprise Edition |
|---|---|---|
| Supported deployment scenarios | Standalone server | Servers in a standalone array; servers in an EMS-managed array |
| CPU | Up to 4 core CPUs | Unlimited |
| Store | Local | Supports remote management of firewall policies and configuration settings. |
| Array/NLB/CARP support | X (you can have only one server in an array) | √ |
| Management | X | Supported, with the added ability to manage Standard Edition. |
| Release | √ | √ |
| VPN support | √ | √ |
| Forwarding agent/cache compression | √ | √ |
| Network IPS (NIS) | √ | √ |
| E-mail protection | Exchange license required | Exchange license required |
| Web Protect | Subscription required | Subscription required |
From the table above, we can see that Forefront TMG Enterprise Edition supports arrays of multiple servers, while Forefront TMG Standard Edition supports only a single-server array, so the edition must be chosen carefully when building a TMG-based array.
So what is a Forefront TMG array, and what is its role?
First, a Forefront TMG array is a collection of Forefront TMG servers that are centrally managed through a single management interface. When you create a Forefront TMG array, the following configuration settings are stored in a central location:
1. Array configuration settings, which relate to all members of the array and are shared by all members.
2. Server configuration settings for each array member, which relate only to that specific array member.
TMG Enterprise Edition supports two array types: the "independent (standalone) array" and the "EMS-managed array". Each is described briefly below:
1. Independent array: depending on the load-balancing method chosen, a single independent array can contain up to 50 Forefront TMG servers, managed by an array member acting as the array manager. You can use this array type if Forefront TMG is deployed in a single logical location and handles moderate traffic loads.
2. EMS-managed array: an EMS-managed deployment can contain up to 200 Forefront TMG arrays, each containing up to 50 Forefront TMG servers, all managed by an Enterprise Management Server (EMS). After you establish an EMS-managed array, you can replicate its settings and use the same settings to manage up to 15 EMS-managed arrays, allowing centralized management of up to 150,000 Forefront TMG servers.