Solved

Resiliency for TMG 2010 and Server 2008 ADFS

Posted on 2014-11-24
9
150 Views
Last Modified: 2014-11-25
Hi,

I need to set up a standalone array for a TMG2010 enterprise server. While i understand the process of adding another server intho the array - http://technet.microsoft.com/en-gb/library/dd440981.aspx
 i am not clear about how the network failover is going to work, i.e. do i need a virtual ip address or any other particular firewall rules set up?

I also need to set up resiliency for a Windows 2008 ADFS server. What would be the recommended way of doing this and, again, how will the network fail-over work?

Both servers are part of an Office 365 post-migration configuration (if that makes a difference)  

Any help would be greatly appreciated.

Kind regards

Mihail
0
Comment
Question by:mk112233
  • 5
  • 4
9 Comments
 

Author Comment

by:mk112233
Comment Utility
Further to my earlier question, could you please clarify the licensing requirements for the two setups?

i understand TMG 2010 must be the Enterprise version, does the host OS also need to be Enterprise or can it be Standard?

Same for ADFS - does it need to be standard or enterprise Server 2008?
0
 
LVL 15

Accepted Solution

by:
JBond2010 earned 500 total points
Comment Utility
With ADFS, it would be recommended that you use the latest version. Best practice, 2x ADFS proxy servers in a DMZ and 2x ADFS servers on your LAN. You can use NLB for the ADFS proxy server and the same for ADFS servers on your LAN.

You can refer to the link below.

http://office365support.ca/configuring-windows-nlb-for-ad-fs-2-0/
0
 

Author Comment

by:mk112233
Comment Utility
Thanks for your response, JBond2010.

What about TMG 2010 resiliency?
0
 
LVL 15

Expert Comment

by:JBond2010
Comment Utility
You can do the same with TMG 2010. I presume you have TMG 2010 Standard? If this is the case you and install a second TMG 2010 Standard edition and configure NLB.
0
New My Cloud Pro Series - organize everything!

With space to keep virtually everything, the My Cloud Pro Series offers your team the network storage to edit, save and share production files from anywhere with an internet connection. Compatible with both Mac and PC, you're able to protect your content regardless of OS.

 

Author Comment

by:mk112233
Comment Utility
Apologies for asking trivial questions - i just need to be clear that no additional hardware firewall changes are required for either of these setups? i.e as ling as i set up the existing internal IP of the current servers as a VIP and assing new internal IPs to the two servers in each array? is that correct?
0
 

Author Comment

by:mk112233
Comment Utility
Also, all of the current traffic rules on the TMG are already set up for the ip address its using. Does it mean they would have to be reconfigured? do you know of any example threads of the standalone TMG 2010 configuration with NLB?
0
 
LVL 15

Expert Comment

by:JBond2010
Comment Utility
You can refer to the link below. NLB is the management console of TMG. NLB is a feature in Windows Server 2008 and is also integrated in TMG 2010.

http://technet.microsoft.com/en-us/library/dd897010.aspx


Regards,

JBond2010
0
 

Author Comment

by:mk112233
Comment Utility
Thanks JBond2010


One last question before i accept this solution, do you know of a procedure for preparing the second ADFS server before it can be load balanced?

Thanks
0
 
LVL 15

Expert Comment

by:JBond2010
Comment Utility
Yes. You can refer to the link below and this will explain how it is done.

http://technet.microsoft.com/en-us/library/dn151324.aspx


Regards,

JBond2010
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Join & Write a Comment

We recently endured a series of broadcast storms that caused our ISP to shut us down for brief periods of time. After going through a multitude of tests, we determined that the issue was related to Intel NIC drivers on some new HP desktop computers …
Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now