Solved

TMG 2010 for Publishing

Posted on 2013-05-11
Last Modified: 2013-05-21
Dear All,

I'm planning to install a TMG 2010 server in our DMZ to publish Exchange, Lync & SharePoint. The TMG will include two NICs, one connected to the internal network and one to the DMZ.

I need to ask: is it better to join the TMG to our internal domain, or keep it in a workgroup? With details, please.

Thanks
Question by:Rhala
LVL 8

Expert Comment

by:teomcam
ID: 39159215
Joining the domain will give you many more advantages and more flexibility. Just go for the domain. You will have perfect AD integration and control over user accounts. You can create fine-grained rules.

Author Comment

by:Rhala
ID: 39159218
Thanks teomcam,

I will use TMG for publishing only, so is a domain member still preferred?

What do you mean by "fine grained rules"?

Thanks
LVL 8

Expert Comment

by:teomcam
ID: 39159313
You may have some difficulties and may need to look for workarounds for authentication, as you are going to deploy SharePoint, Lync and Exchange. Please check the following link, as it compares both options in detail.

http://blogs.technet.com/b/gulfinfra/archive/2010/09/04/tmg-specific-limitations-considerations-and-requirements.aspx
LVL 23

Expert Comment

by:Suliman Abu Kharroub
ID: 39162998
I agree with teomcam.

Join it to the domain, then publish the services. It is a secure scenario.

P.S. Do not open unneeded ports from the DMZ to the internal network.

Author Comment

by:Rhala
ID: 39176707
The TMG includes two NICs, one connected to external and one to internal. My internal DNS server does not resolve external names, so do I have to configure the DNS to point to the external DNS?
LVL 23

Expert Comment

by:Suliman Abu Kharroub
ID: 39176842
Not recommended... It's better to configure the internal DNS to resolve external names.

Author Comment

by:Rhala
ID: 39177068
The internal policy didn't allow us to do this work, so is there a workaround for this?
LVL 23

Expert Comment

by:Suliman Abu Kharroub
ID: 39177093
How do internal clients resolve external names?

Author Comment

by:Rhala
ID: 39177318
Through the proxy (BlueCoat proxy).

TMG is needed for publishing only.
LVL 23

Expert Comment

by:Suliman Abu Kharroub
ID: 39177411
If it's for publishing only, there is no need to resolve external names... Point it to the internal DNS.

Author Comment

by:Rhala
ID: 39177634
It's only for publishing Exchange, Lync and SharePoint.

So is it confirmed that there is no need for the internal DNS to resolve external names?
LVL 23

Accepted Solution

by:
Suliman Abu Kharroub earned 500 total points
ID: 39177679
This confirms that TMG does not need to resolve external names.

If the proxy server authenticates users before browsing the internet, then it needs to use the internal DNS server as its preferred DNS to be able to authenticate users.

Also, the common configuration is to allow the internal DNS to resolve names and point the proxy server to the internal DNS.