Solved

Resiliency for TMG 2010 and Server 2008 ADFS

Posted on 2014-11-24
9
154 Views
Last Modified: 2014-11-25
Hi,

I need to set up a standalone array for a TMG2010 enterprise server. While i understand the process of adding another server intho the array - http://technet.microsoft.com/en-gb/library/dd440981.aspx
 i am not clear about how the network failover is going to work, i.e. do i need a virtual ip address or any other particular firewall rules set up?

I also need to set up resiliency for a Windows 2008 ADFS server. What would be the recommended way of doing this and, again, how will the network fail-over work?

Both servers are part of an Office 365 post-migration configuration (if that makes a difference)  

Any help would be greatly appreciated.

Kind regards

Mihail
0
Comment
Question by:mk112233
  • 5
  • 4
9 Comments
 

Author Comment

by:mk112233
ID: 40461566
Further to my earlier question, could you please clarify the licensing requirements for the two setups?

i understand TMG 2010 must be the Enterprise version, does the host OS also need to be Enterprise or can it be Standard?

Same for ADFS - does it need to be standard or enterprise Server 2008?
0
 
LVL 15

Accepted Solution

by:
JBond2010 earned 500 total points
ID: 40461871
With ADFS, it would be recommended that you use the latest version. Best practice, 2x ADFS proxy servers in a DMZ and 2x ADFS servers on your LAN. You can use NLB for the ADFS proxy server and the same for ADFS servers on your LAN.

You can refer to the link below.

http://office365support.ca/configuring-windows-nlb-for-ad-fs-2-0/
0
 

Author Comment

by:mk112233
ID: 40461925
Thanks for your response, JBond2010.

What about TMG 2010 resiliency?
0
Portable, direct connect server access

The ATEN CV211 connects a laptop directly to any server allowing you instant access to perform data maintenance and local operations, for quick troubleshooting, updating, service and repair.

 
LVL 15

Expert Comment

by:JBond2010
ID: 40461940
You can do the same with TMG 2010. I presume you have TMG 2010 Standard? If this is the case you and install a second TMG 2010 Standard edition and configure NLB.
0
 

Author Comment

by:mk112233
ID: 40462224
Apologies for asking trivial questions - i just need to be clear that no additional hardware firewall changes are required for either of these setups? i.e as ling as i set up the existing internal IP of the current servers as a VIP and assing new internal IPs to the two servers in each array? is that correct?
0
 

Author Comment

by:mk112233
ID: 40462246
Also, all of the current traffic rules on the TMG are already set up for the ip address its using. Does it mean they would have to be reconfigured? do you know of any example threads of the standalone TMG 2010 configuration with NLB?
0
 
LVL 15

Expert Comment

by:JBond2010
ID: 40462265
You can refer to the link below. NLB is the management console of TMG. NLB is a feature in Windows Server 2008 and is also integrated in TMG 2010.

http://technet.microsoft.com/en-us/library/dd897010.aspx


Regards,

JBond2010
0
 

Author Comment

by:mk112233
ID: 40464324
Thanks JBond2010


One last question before i accept this solution, do you know of a procedure for preparing the second ADFS server before it can be load balanced?

Thanks
0
 
LVL 15

Expert Comment

by:JBond2010
ID: 40464334
Yes. You can refer to the link below and this will explain how it is done.

http://technet.microsoft.com/en-us/library/dn151324.aspx


Regards,

JBond2010
0

Featured Post

Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Last week, our Skyport webinar on “How to secure your Active Directory” (https://www.experts-exchange.com/videos/5810/Webinar-Is-Your-Active-Directory-as-Secure-as-You-Think.html?cid=Gene_Skyport) provided 218 attendees with a step-by-step guide for…
This article explains the steps required to use the default Photos screensaver to display branding/corporate images
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

840 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question