How to make TMG 2010 more reliable with redundancy for DR site ?
Hi,
At the moment I'm using MS TMG 2010 as my firewall to publish my Exchange Server and IIS website to the internet, however it is just one VM in the DMZ network with just one network card (vNIC), what sort of redundancy method that is suitable for making this firewall VM redundant / automatically failover ?
Because it is very important in the event of disaster recovery all important email through various mobile device will still need to operate and it is impossible if this TMG 2010 VM is offline.
is it by using:
1. NLB
2. Clustering
3. Vmware HA / FT (one VM in production, the other VM in DR site ?)
Any suggestion and idea willl be appreciated.
Thanks.
At the moment I'm using MS TMG 2010 as my firewall to publish my Exchange Server and IIS website to the internet, however it is just one VM in the DMZ network with just one network card (vNIC), what sort of redundancy method that is suitable for making this firewall VM redundant / automatically failover ?
Because it is very important in the event of disaster recovery all important email through various mobile device will still need to operate and it is impossible if this TMG 2010 VM is offline.
is it by using:
1. NLB
2. Clustering
3. Vmware HA / FT (one VM in production, the other VM in DR site ?)
Any suggestion and idea willl be appreciated.
Thanks.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
ah OK, While I was reading article regarding hi availability of TMG 2010, I read that I must do the multicast NLB, in my current situation my TMG 2010 is standard edition with just one vNIC on top of VMware ESX and this TMG 2010 publish my CAS for Exchange Activesync which is vital for my company.
based on your suggestion then I should look for the Enterprise edition and then set 2x vNIC on each VM per site ?
based on your suggestion then I should look for the Enterprise edition and then set 2x vNIC on each VM per site ?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
OK, here's my summary and understanding from the above thread:
1. deployment of 1x TMG Enterprise 2010 site as single vNIC - in production site
2. deployment of 1x TMG Enterprise 2010 site as single vNIC - in DR site
3. deployment of 1x EMS on dedicated server to create and manage the above TMG 2010 in production site.
4. Configure the servers above as array of Multicast NLB configuration.
is that what I suppose to do ?
1. deployment of 1x TMG Enterprise 2010 site as single vNIC - in production site
2. deployment of 1x TMG Enterprise 2010 site as single vNIC - in DR site
3. deployment of 1x EMS on dedicated server to create and manage the above TMG 2010 in production site.
4. Configure the servers above as array of Multicast NLB configuration.
is that what I suppose to do ?
Don't really know for the dedicated EMS server. Maybe could you use an existing server.
But this could be a solution to get HA. And you should duplicate DC, Exchange CAS/HUB/MBX too for true HA.
But this could be a solution to get HA. And you should duplicate DC, Exchange CAS/HUB/MBX too for true HA.
ASKER
Yes The AD DC and exchange has been made redundant already by utilizing CCR :-)
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
thanks for your response
ASKER
@sulimanw: wow that's sounds great too, but in this case my company already got service contract with one of the big ISP in my country.