For TMG03 only: Configure Intra-Array Network on TMG03.mht - Windows Live Update the Remote Management Computers Computer Set In order to successfully join the array when using an intra-array network, it is necessary to add the intra-array IP address of the joining server to the Remote Management Computers computer set on TMG03.As this is a supported deployment method, I thought it might be useful to document some of the specifics of installing and configuring in a workgroup environment, specifically when using Enterprise Edition with a standalone array.
When using a workgroup deployment, it is likely that infrastructure services are limited and an Enterprise Management Server (EMS) will not be present. Therefore a standalone array, as opposed to an EMS-managed array, will be required to provide an array of Forefront TMG servers. Therefore for the purposes of this article (and just because I think it is interesting) the example provided includes setup of a standalone array to provide a high availability Forefront TMG solution. To improve the quality of information provided and also to reduce the amount of time it takes to produce these blog articles, I am trying out a new technology in this blog post. This technology is called the Windows Problem Steps Recorder and was originally written as a support tool. However, it also provides a really nice way of capturing a complete walkthrough process in a relatively accurate and fast way. Forefront Tmg 2010 Enterprise Edition Download Size IsPLEASE provide feedback on this new method of providing walkthrough information does it work for you I appreciate the MHT file download size is quite large, but it does allow for offline use which is quite a nice bonus Anyhow, back to the article. In order to prepare the environment for workgroup deployment we need to consider the following preparatory steps: Configure each Forefront TMG server with a fully qualified domain name (FQDN) Create user accounts Import server certificates Import root CA certificates Lab Environment Overview The example lab environment I am using consists of the following Forefront TMG Servers: TMG03 TMG04 Both servers have been configured with three network interfaces (more on that later) and are running Forefront TMG Enterprise Edition on Windows Server 2008 R2 operating systems. The servers are actually hosted on a Windows Server 2008 R2 Hyper-V parent, not that this makes any difference to the examples. An overview of the Forefront TMG related lab environment is shown below: Configure FQDNs As the Forefront TMG servers are not domain joined, they are unlikely to be configured with a DNS suffix. So, the first step is to configure each server with an appropriate DNS suffix to define the FQDN. First for TMG03: Configure FQDN on TMG03.mht - Windows Live Next for TMG04: Configure FQDN on TMG04.mht - Windows Live Create User Accounts The next step involves creating mirror user accounts on each Forefront TMG server. First for TMG03: Create User Account on TMG03.mht - Windows Live Next for TMG04: Create User Account on TMG04.mht - Windows Live Import Server Certificates Firstly we import a unique Workgroup Server Certificate into TMG03. In my lab, this certificate was created using an internal Windows CA using the Web Server certificate template. However, any CA than can create a valid certificate with a Server Authentication (1.3.6.1.5.5.7.3.1) key usage type (sometimes call an OID) should be fine. For TMG03 only: Import Certificates on TMG03.mht - Windows Live Import CA Server Certificates To ensure that the imported server certificate is trusted by both TMG03 and TMG04, we need import the CA server certificate into the Trusted Roots Certificate Authority certificates store on both servers. For our example lab environment, this is called MSEDGE Root CA. First for TMG03: Import Root CA Certificate on TMG03.mht - Windows Live Next for TMG04: Import Root CA Certificate on TMG04.mht - Windows Live For next time With the environment prepared, we can now think about creating the standalone array and joining workgroup array members. Forefront Tmg 2010 Enterprise Edition Zip Link FromPlease Note: If you want to download all walkthroughs provided above in a single file you can use the Download as.zip link from here. However, be aware that this is a 14MB download: Using Forefront TMGISA Server BPA for documenting your deployment Using Forefront TMGISA Server BPA for documenting your deployment ISA Server 2006: Installing ISA 2006 Enterprise Edition (beta) in a Unihomed Workgroup Configuration Office Communications Server 2007 R2 Enterprise Deployment 2 Office Communications Server 2007 R2 Enterprise Deployment 1. This will involve the following steps: Create and configure an intra-array network Update the Remote Management Computers computer set Edit the HOSTS file on each Forefront TMG server Assign server certificate to the Array Manager Join the Forefront TMG server to the standalone array Create the Intra-Array Network Where possible, I always use dedicated Intra-Array networks in my Enterprise Edition designs. Many people think this approach is no longer necessary, but in fact, it is still very much recommend by Microsoft as discussed here. In the event that you do wish to create an intra-array network, you will need a dedicated network interface card (NIC) per array member to facilitate this. Assuming this is the case, as per our example lab environment, we need to configure this new network within the Forefront TMG console.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |