Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Resiliency for TMG 2010 and Server 2008 ADFS

Posted on 2014-11-24
9
Medium Priority
?
163 Views
Last Modified: 2014-11-25
Hi,

I need to set up a standalone array for a TMG2010 enterprise server. While i understand the process of adding another server intho the array - http://technet.microsoft.com/en-gb/library/dd440981.aspx
 i am not clear about how the network failover is going to work, i.e. do i need a virtual ip address or any other particular firewall rules set up?

I also need to set up resiliency for a Windows 2008 ADFS server. What would be the recommended way of doing this and, again, how will the network fail-over work?

Both servers are part of an Office 365 post-migration configuration (if that makes a difference)  

Any help would be greatly appreciated.

Kind regards

Mihail
0
Comment
Question by:mk112233
  • 5
  • 4
9 Comments
 

Author Comment

by:mk112233
ID: 40461566
Further to my earlier question, could you please clarify the licensing requirements for the two setups?

i understand TMG 2010 must be the Enterprise version, does the host OS also need to be Enterprise or can it be Standard?

Same for ADFS - does it need to be standard or enterprise Server 2008?
0
 
LVL 15

Accepted Solution

by:
JBond2010 earned 1500 total points
ID: 40461871
With ADFS, it would be recommended that you use the latest version. Best practice, 2x ADFS proxy servers in a DMZ and 2x ADFS servers on your LAN. You can use NLB for the ADFS proxy server and the same for ADFS servers on your LAN.

You can refer to the link below.

http://office365support.ca/configuring-windows-nlb-for-ad-fs-2-0/
0
 

Author Comment

by:mk112233
ID: 40461925
Thanks for your response, JBond2010.

What about TMG 2010 resiliency?
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 15

Expert Comment

by:JBond2010
ID: 40461940
You can do the same with TMG 2010. I presume you have TMG 2010 Standard? If this is the case you and install a second TMG 2010 Standard edition and configure NLB.
0
 

Author Comment

by:mk112233
ID: 40462224
Apologies for asking trivial questions - i just need to be clear that no additional hardware firewall changes are required for either of these setups? i.e as ling as i set up the existing internal IP of the current servers as a VIP and assing new internal IPs to the two servers in each array? is that correct?
0
 

Author Comment

by:mk112233
ID: 40462246
Also, all of the current traffic rules on the TMG are already set up for the ip address its using. Does it mean they would have to be reconfigured? do you know of any example threads of the standalone TMG 2010 configuration with NLB?
0
 
LVL 15

Expert Comment

by:JBond2010
ID: 40462265
You can refer to the link below. NLB is the management console of TMG. NLB is a feature in Windows Server 2008 and is also integrated in TMG 2010.

http://technet.microsoft.com/en-us/library/dd897010.aspx


Regards,

JBond2010
0
 

Author Comment

by:mk112233
ID: 40464324
Thanks JBond2010


One last question before i accept this solution, do you know of a procedure for preparing the second ADFS server before it can be load balanced?

Thanks
0
 
LVL 15

Expert Comment

by:JBond2010
ID: 40464334
Yes. You can refer to the link below and this will explain how it is done.

http://technet.microsoft.com/en-us/library/dn151324.aspx


Regards,

JBond2010
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Sometimes it necessary to set special permissions on user objects.  For instance when using a Blackberry server, the SendAs permission needs to be set. I see many admins struggle with the setting that permission only to see it disappear within a few…
The article explains the process to deploy a Self-Service password reset portal I developed a few years ago. Hopefully, it will prove useful to someone.  Any comments, bug reports etc. are welcome...
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

572 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question