Solved

Resiliency for TMG 2010 and Server 2008 ADFS

Posted on 2014-11-24
9
152 Views
Last Modified: 2014-11-25
Hi,

I need to set up a standalone array for a TMG2010 enterprise server. While i understand the process of adding another server intho the array - http://technet.microsoft.com/en-gb/library/dd440981.aspx
 i am not clear about how the network failover is going to work, i.e. do i need a virtual ip address or any other particular firewall rules set up?

I also need to set up resiliency for a Windows 2008 ADFS server. What would be the recommended way of doing this and, again, how will the network fail-over work?

Both servers are part of an Office 365 post-migration configuration (if that makes a difference)  

Any help would be greatly appreciated.

Kind regards

Mihail
0
Comment
Question by:mk112233
  • 5
  • 4
9 Comments
 

Author Comment

by:mk112233
ID: 40461566
Further to my earlier question, could you please clarify the licensing requirements for the two setups?

i understand TMG 2010 must be the Enterprise version, does the host OS also need to be Enterprise or can it be Standard?

Same for ADFS - does it need to be standard or enterprise Server 2008?
0
 
LVL 15

Accepted Solution

by:
JBond2010 earned 500 total points
ID: 40461871
With ADFS, it would be recommended that you use the latest version. Best practice, 2x ADFS proxy servers in a DMZ and 2x ADFS servers on your LAN. You can use NLB for the ADFS proxy server and the same for ADFS servers on your LAN.

You can refer to the link below.

http://office365support.ca/configuring-windows-nlb-for-ad-fs-2-0/
0
 

Author Comment

by:mk112233
ID: 40461925
Thanks for your response, JBond2010.

What about TMG 2010 resiliency?
0
 
LVL 15

Expert Comment

by:JBond2010
ID: 40461940
You can do the same with TMG 2010. I presume you have TMG 2010 Standard? If this is the case you and install a second TMG 2010 Standard edition and configure NLB.
0
Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 

Author Comment

by:mk112233
ID: 40462224
Apologies for asking trivial questions - i just need to be clear that no additional hardware firewall changes are required for either of these setups? i.e as ling as i set up the existing internal IP of the current servers as a VIP and assing new internal IPs to the two servers in each array? is that correct?
0
 

Author Comment

by:mk112233
ID: 40462246
Also, all of the current traffic rules on the TMG are already set up for the ip address its using. Does it mean they would have to be reconfigured? do you know of any example threads of the standalone TMG 2010 configuration with NLB?
0
 
LVL 15

Expert Comment

by:JBond2010
ID: 40462265
You can refer to the link below. NLB is the management console of TMG. NLB is a feature in Windows Server 2008 and is also integrated in TMG 2010.

http://technet.microsoft.com/en-us/library/dd897010.aspx


Regards,

JBond2010
0
 

Author Comment

by:mk112233
ID: 40464324
Thanks JBond2010


One last question before i accept this solution, do you know of a procedure for preparing the second ADFS server before it can be load balanced?

Thanks
0
 
LVL 15

Expert Comment

by:JBond2010
ID: 40464334
Yes. You can refer to the link below and this will explain how it is done.

http://technet.microsoft.com/en-us/library/dn151324.aspx


Regards,

JBond2010
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Are you one of those front-line IT Service Desk staff fielding calls, replying to emails, all-the-while working to resolve end-user technological nightmares? I am! That's why I have put together this brief overview of tools and techniques I use in o…
Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now