Richard Hicks (MCP, MCSE, MCTS, and MCITP Enterprise Administrator) is a network and information security expert specializing in Microsoft technologies. He has traveled around the world speaking to network engineers, security administrators, and IT professionals about Microsoft edge security and remote access solutions. Richard has more than two decades of experience working in large-scale corporate computing environments and has designed and deployed perimeter defense and secure remote access solutions for some of the largest companies in the world. He blogs extensively about Microsoft edge security and remote access solutions, and is also a contributing author at popular sites such as,. In addition, he is a Pluralsight author and has served as the technical reviewer on several Windows server and network security books. He is focused on helping organizations large and small implement and support edge security and remote access solutions, as well as certificate services infrastructures. Richard lives and works in beautiful, sunny Southern California.

There are several logging options to choose from when configuring Forefront TMG 2010, including the option to log to a remote SQL server. Logging to a remote SQL server historically presented some challenges. With ISA server, if the remote SQL server was unavailable for any reason, the firewall service would shut down and place the firewall in lockdown mode and block all requests. Thanks to significant improvements in the Forefront TMG firewall’s logging infrastructure, logging to a remote SQL server is now a viable option.

Logging to a remote SQL server provides several key advantages over logging to the default local SQL Express database. The full SQL server product is much more robust and scalable than SQL Express. SQL Express installed on the Forefront TMG server is limited to a single CPU, 1 GB RAM, and has a 10 GB limit on database size. By contrast, a full installation of SQL Server Standard edition can use 4 CPUs and 64 GB RAM. SQL Server Enterprise edition can leverage up to 8 CPUs and 2 TB RAM. Both editions of SQL Server can accommodate databases up to 524 petabytes in size. Using SQL server also allows the administrator to leverage high availability and disaster recovery options such as log shipping, database mirroring, and failover clustering.

A dedicated SQL server also addresses the lack of centralized logging for Forefront TMG 2010 Enterprise edition. In this configuration, every member of each TMG array in the enterprise logs to this central data store in SQL. This provides the security administrator with a single, comprehensive view of Internet activity across the entire organization. In addition, if a TMG firewall has to be rebuilt or replaced for any reason, no log data will be lost in the process.

Some of the drawbacks to using a remote SQL server are that it does require additional hardware and the appropriate SQL server licenses, which adds cost to the overall solution. Also, managing a SQL server is non-trivial, both from a security and operational perspective. However, larger organizations typically have dedicated database administrators on staff to meet these needs.

If you choose to configure a dedicated SQL server for Forefront TMG logging, make certain to select the option to Force data encryption. It is also a good idea to use Windows authentication as opposed to SQL authentication. For complete details on how to configure Forefront TMG 2010 to log to a dedicated remote SQL server, click here.

Configuring a dedicated SQL server for Forefront TMG 2010 logging can be beneficial in many deployment scenarios. SQL server’s ability to address more CPUs and memory, along with integrated high availability and disaster recovery features, make deploying a dedicated SQL server quite compelling, especially for larger organizations. In addition, SQL server supports exponentially larger databases than the default SQL Express, which allows security administrators to extend their log retention time significantly. For Forefront TMG Enterprise deployments, having a single aggregate view of network traffic can be invaluable. And now the latest release of TMG Reporter fully supports integration with Forefront TMG 2010 when configured to log to a dedicated remote SQL server. Security administrators can take advantage of the benefits provided by logging to a full instance of SQL server and still leverage the advanced alerting and reporting features and real-time dashboard included with TMG Reporter.
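The recommendations to force data encryption and to use Windows authentication can be verified from the SQL server side once the TMG array members are logging to it. The query below is an added example, not taken from the original article; it reads the standard dynamic management views and needs VIEW SERVER STATE permission, and the `@HostPattern` filter value is a placeholder assumption to be replaced with your own TMG host naming.

```sql
-- Added example: audit how clients are currently connected to the
-- dedicated logging SQL server.
-- Assumption: @HostPattern is a placeholder; '%' lists every remote client.
-- Set it to match your TMG array members (for example N'TMG%').
DECLARE @HostPattern nvarchar(128);
SET @HostPattern = N'%';

SELECT
    s.host_name,                 -- client machine name as reported by the client
    s.login_name,                -- account used to log in
    c.client_net_address,        -- source IP address of the connection
    c.net_transport,             -- TCP, Named pipe, Session (MARS)
    c.auth_scheme,               -- KERBEROS / NTLM = Windows auth, SQL = SQL auth
    c.encrypt_option,            -- 'TRUE' when the connection is encrypted
    COUNT(*) AS connection_count,
    CASE
        WHEN c.encrypt_option <> 'TRUE' AND c.auth_scheme = 'SQL'
            THEN 'unencrypted and SQL authentication'
        WHEN c.encrypt_option <> 'TRUE'
            THEN 'unencrypted'
        WHEN c.auth_scheme = 'SQL'
            THEN 'SQL authentication'
        ELSE 'ok'
    END AS finding
FROM sys.dm_exec_connections AS c
JOIN sys.dm_exec_sessions AS s
    ON s.session_id = c.session_id
WHERE s.is_user_process = 1
  AND c.net_transport <> 'Shared memory'   -- skip local connections on the server itself
  AND s.host_name LIKE @HostPattern
GROUP BY
    s.host_name, s.login_name, c.client_net_address,
    c.net_transport, c.auth_scheme, c.encrypt_option
ORDER BY
    -- rows that need attention sort first
    CASE WHEN c.encrypt_option <> 'TRUE' OR c.auth_scheme = 'SQL' THEN 0 ELSE 1 END,
    s.host_name;
```

Any row whose `finding` is not `ok` is a client that is either sending log data in clear text or authenticating with a SQL login rather than a Windows account.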