Resiliency for TMG 2010 and Server 2008 ADFS


I need to set up a standalone array for a TMG 2010 Enterprise server. While I understand the process of adding another server into the array, I am not clear about how the network failover is going to work, i.e. do I need a virtual IP address or any other particular firewall rules set up?

I also need to set up resiliency for a Windows 2008 ADFS server. What would be the recommended way of doing this and, again, how will the network fail-over work?

Both servers are part of an Office 365 post-migration configuration (if that makes a difference).

Any help would be greatly appreciated.

Kind regards


mk112233 (Author) Commented:
Further to my earlier question, could you please clarify the licensing requirements for the two setups?

I understand TMG 2010 must be the Enterprise version; does the host OS also need to be Enterprise or can it be Standard?

Same for ADFS - does it need to be standard or enterprise Server 2008?
James (Senior Cloud Infrastructure Engineer) Commented:
With ADFS, it would be recommended that you use the latest version. Best practice, 2x ADFS proxy servers in a DMZ and 2x ADFS servers on your LAN. You can use NLB for the ADFS proxy server and the same for ADFS servers on your LAN.

You can refer to the link below.

mk112233 (Author) Commented:
Thanks for your response, JBond2010.

What about TMG 2010 resiliency?
James (Senior Cloud Infrastructure Engineer) Commented:
You can do the same with TMG 2010. I presume you have TMG 2010 Standard? If this is the case you can install a second TMG 2010 Standard edition and configure NLB.
mk112233 (Author) Commented:
Apologies for asking trivial questions - I just need to be clear that no additional hardware firewall changes are required for either of these setups? i.e. as long as I set up the existing internal IP of the current servers as a VIP and assign new internal IPs to the two servers in each array? Is that correct?
mk112233 (Author) Commented:
Also, all of the current traffic rules on the TMG are already set up for the IP address it's using. Does it mean they would have to be reconfigured? Do you know of any example threads of the standalone TMG 2010 configuration with NLB?
James (Senior Cloud Infrastructure Engineer) Commented:
You can refer to the link below. NLB is the management console of TMG. NLB is a feature in Windows Server 2008 and is also integrated in TMG 2010.


mk112233 (Author) Commented:
Thanks JBond2010

One last question before I accept this solution: do you know of a procedure for preparing the second ADFS server before it can be load balanced?

James (Senior Cloud Infrastructure Engineer) Commented:
Yes. You can refer to the link below and this will explain how it is done.

