• Status: Solved

TMG 2010 for Publishing

Dear All,

I'm planning to install a TMG 2010 server in our DMZ to publish Exchange, Lync & SharePoint. The TMG will include two NICs, one connected to the internal network and one to the DMZ.

I need to ask: is it better to join the TMG to our internal domain, or keep it in a workgroup? With details, please.

Thanks
Rhala
teomcam Commented:
Joining the domain will give you many more advantages and more flexibility. Just go for the domain. You will have perfect AD integration and control over user accounts. You can create fine-grained rules.
 
Rhala (Author) Commented:
Thanks teomcam,

I will use TMG for publishing only, so is a domain member still preferred?

What do you mean by "fine-grained rules"?

Thanks
 
teomcam Commented:
You may have some difficulties and may need to look for workarounds for authentication, as you are going to deploy SharePoint, Lync and Exchange. Please check the following link, as it compares both options in detail.

http://blogs.technet.com/b/gulfinfra/archive/2010/09/04/tmg-specific-limitations-considerations-and-requirements.aspx
 
Suliman Abu Kharroub (IT Consultant) Commented:
I agree with teomcam.

Join it to the domain, then publish the services. It is a secure scenario.

P.S. Do not open unneeded ports from the DMZ to the internal network.
 
Rhala (Author) Commented:
The TMG includes two NICs, one connected to external and one to internal. My internal DNS server does not resolve external names, so do I have to configure the DNS to point to the external DNS?
 
Suliman Abu Kharroub (IT Consultant) Commented:
Not recommended... It's better to configure the internal DNS to resolve external names.
 
Rhala (Author) Commented:
The internal policy didn't allow us to do this work, so is there a workaround for this?
 
Suliman Abu Kharroub (IT Consultant) Commented:
How do internal clients resolve external names?
 
Rhala (Author) Commented:
Through the proxy (BlueCoat proxy).

TMG is needed for publishing only.
 
Suliman Abu Kharroub (IT Consultant) Commented:
If it's for publishing only, there is no need to resolve external names... Point it to the internal DNS.
 
Rhala (Author) Commented:
It's only for publishing Exchange, Lync and SharePoint.

So is it confirmed that there is no need for the internal DNS to resolve external names?
 
Suliman Abu Kharroub (IT Consultant) Commented:
This confirms that TMG does not need to resolve external names.

If the proxy server authenticates users before browsing the internet, then it needs to use the internal DNS server as its preferred DNS to be able to authenticate users.

Also, the common configuration is to allow the internal DNS to resolve names and point the proxy server to the internal DNS.