Rick Goodman

asked on

Forefront TMG

What advantages are there to having TMG 2010 and Edge Transport on the same physical server, other than hardware costs? Is it OK to have them on separate physical servers? And if so, do you still keep both of them in the DMZ? And should they both be left in a workgroup or should either or both be a domain member? Any help would be appreciated.
Rammestein

TMG should be in a domain and Edge should be in a workgroup.
I will suggest this topology:

Exchange->Edge->TMG

This should work well for you!
Keith Alabaster
Both should be in the domain and on the same box. There are numerous reasons for this:

Hardware costs, additional OS license, need to open additional ports in TMG to allow any DMZ-based servers through to the internal domain, additional admin overhead etc. to name but a few.

The positives of putting the Edge on the TMG box also include allowing you to keep all of the Exchange services securely tucked behind the TMG, you get the protection systems inherent with TMG to protect the OWA services, ActiveSync and the like for publishing out to your users and finally you can use the mail policies - specifically geared for Exchange - that TMG provides... and that you have paid for in the license.

No brainer.
Rick Goodman

ASKER

That's actually what I tried first, but I had so many problems with some of the TMG services hanging and locking up the server that it got to be a headache rebooting the server, being it's the only Edge server I have, so it interrupts email and really scares me to have that many problems on my mail server. This way the worst that happens if TMG acts up is users have to connect to the VPN to get mail until I fix it. That's why I'm looking at keeping them separate, but I do still plan on publishing ActiveSync and OWA with it. Is that not possible with them being on different boxes, or is it still possible? Does that make sense or do you still think it's smarter to keep them together? What are other people's thoughts on this? Just curious. Thanks.
Always right to seek multiple views and everyone's requirements will be different.

75% of getting this right is undertaken before you have installed a single product (apart from the OS). For example, getting the DNS correct, the bind order of the network cards, the static routes, default gateway etc.

Once the OS is fully configured and joined to the domain, you install the Exchange services and finally you install TMG.

Having them separate is no real issue but I have answered based on your question - what are the advantages. Both will work but integrated is by far the preferred approach for the reasons given.

Keith
Keith,

So you would recommend they both are installed on the same machine and a member of the domain? What I had before was a workgroup server with both. But maybe that's what complicated it. Although, most of what I saw states that Exchange Edge shouldn't be on a domain server. But I do know you deal a lot with this kind of stuff so I definitely respect your opinion. Maybe I should try it again as a domain member. I'll run it by our IT Director. Thanks.
ASKER CERTIFIED SOLUTION
Keith Alabaster
I'm going to try it like that.
Thanks. It's working great now.
Welcome :)