Solved

Resiliency for TMG 2010 and Server 2008 ADFS

Posted on 2014-11-24
9
157 Views
Last Modified: 2014-11-25
Hi,

I need to set up a standalone array for a TMG2010 enterprise server. While i understand the process of adding another server intho the array - http://technet.microsoft.com/en-gb/library/dd440981.aspx
 i am not clear about how the network failover is going to work, i.e. do i need a virtual ip address or any other particular firewall rules set up?

I also need to set up resiliency for a Windows 2008 ADFS server. What would be the recommended way of doing this and, again, how will the network fail-over work?

Both servers are part of an Office 365 post-migration configuration (if that makes a difference)  

Any help would be greatly appreciated.

Kind regards

Mihail
0
Comment
Question by:mk112233
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
9 Comments
 

Author Comment

by:mk112233
ID: 40461566
Further to my earlier question, could you please clarify the licensing requirements for the two setups?

i understand TMG 2010 must be the Enterprise version, does the host OS also need to be Enterprise or can it be Standard?

Same for ADFS - does it need to be standard or enterprise Server 2008?
0
 
LVL 15

Accepted Solution

by:
JBond2010 earned 500 total points
ID: 40461871
With ADFS, it would be recommended that you use the latest version. Best practice, 2x ADFS proxy servers in a DMZ and 2x ADFS servers on your LAN. You can use NLB for the ADFS proxy server and the same for ADFS servers on your LAN.

You can refer to the link below.

http://office365support.ca/configuring-windows-nlb-for-ad-fs-2-0/
0
 

Author Comment

by:mk112233
ID: 40461925
Thanks for your response, JBond2010.

What about TMG 2010 resiliency?
0
Creating Instructional Tutorials  

For Any Use & On Any Platform

Contextual Guidance at the moment of need helps your employees/users adopt software o& achieve even the most complex tasks instantly. Boost knowledge retention, software adoption & employee engagement with easy solution.

 
LVL 15

Expert Comment

by:JBond2010
ID: 40461940
You can do the same with TMG 2010. I presume you have TMG 2010 Standard? If this is the case you and install a second TMG 2010 Standard edition and configure NLB.
0
 

Author Comment

by:mk112233
ID: 40462224
Apologies for asking trivial questions - i just need to be clear that no additional hardware firewall changes are required for either of these setups? i.e as ling as i set up the existing internal IP of the current servers as a VIP and assing new internal IPs to the two servers in each array? is that correct?
0
 

Author Comment

by:mk112233
ID: 40462246
Also, all of the current traffic rules on the TMG are already set up for the ip address its using. Does it mean they would have to be reconfigured? do you know of any example threads of the standalone TMG 2010 configuration with NLB?
0
 
LVL 15

Expert Comment

by:JBond2010
ID: 40462265
You can refer to the link below. NLB is the management console of TMG. NLB is a feature in Windows Server 2008 and is also integrated in TMG 2010.

http://technet.microsoft.com/en-us/library/dd897010.aspx


Regards,

JBond2010
0
 

Author Comment

by:mk112233
ID: 40464324
Thanks JBond2010


One last question before i accept this solution, do you know of a procedure for preparing the second ADFS server before it can be load balanced?

Thanks
0
 
LVL 15

Expert Comment

by:JBond2010
ID: 40464334
Yes. You can refer to the link below and this will explain how it is done.

http://technet.microsoft.com/en-us/library/dn151324.aspx


Regards,

JBond2010
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

A project that enables an administrator to perform actions within a user session context not just at the time of login but any time later on day(s) or week(s) later.
This article shows the method of using the Resultant Set of Policy Tool to locate Group Policy that applies a particular setting.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question