Wednesday, December 19, 2012

ISAserver.org Monthly Newsletter - December 2012

-------------------------------------------------------
ISAserver.org Monthly Newsletter - December 2012
Sponsored by: GFI Software
<http://landwebmon.gfi.com/isa-server-internet-monitoring-sm/?adv=40&loc=66>
-------------------------------------------------------

Welcome to the ISAserver.org newsletter by Debra Littlejohn Shinder, MVP. Each month we will bring you interesting and helpful information on ISA Server. We want to know what *you* are interested in hearing about. Please send your suggestions for future newsletter content to dshinder@isaserver.org.


1. December is the Time for New Tech Toys
-----------------------------------------------------------

There's not a whole lot of news on the TMG firewall front this month. Given that TMG is officially nearing the end of its life, I probably won't be presenting you with much new stuff regarding our favorite firewall in the future. We'll definitely keep this newsletter going for a while, and we'll keep the articles coming on the web site, but it's likely that you'll be seeing more on DirectAccess and UAG, as well as some of the third party products for TMG that are still being developed and updated.

Speaking of UAG, I've had many questions about its fate, and whether we should expect it to follow in the steps of TMG soon. The answer to that is that we still don't know about what's going to happen to UAG. There are quite a few things that UAG does that no other product out there does, so there is a chance that UAG will be revived, or on the other hand, perhaps Microsoft will take the key things that UAG does and put those features in the next version of the Windows Server operating system. I wish I had a definitive answer for you, but I don't. Only time will tell.

Meanwhile, I thought I'd take a break from the TMG drama this time and talk about some of those BYOD devices that we're connecting to our networks through TMG these days. Come the first of the year, you'll probably have even more of those to contend with. December is a month that's all about holidays, and giving and getting gifts is often a big part of that. This year is a big one for new techie toys, that's for sure. Smart phones, tablets, and new touch screen laptops and all-in-one devices are roaring onto the scene with all types of new form factors and new capabilities.

We've all been hearing about the "death of the PC" for a couple of years now. The funny thing is that the PC and laptop don't appear to be dying. When I go into stores like Best Buy or Fry's, I see a big crowd of people looking at and playing with the new Windows 8 touch screen laptops. Could Windows 8 revive the laptop scene by making a touch interface the new de facto standard? That could very well happen. I've heard from multiple readers who have told me that they just didn't "get" Windows 8 until they tried it on a touch-enabled device. Once you get used to the "finger control" method, it's hard to go back. I know that when I've been using a touch device for a while, and I go back to my desktop with its three big (but non-touch) monitors, it seems odd to be restricted to only a keyboard and mouse. I find myself reaching toward the screen without thinking. We'll see how that plays out in the market.

When it comes to smart phones, some really cool offerings are now available and I have a feeling we're going to see more in the coming year. Some of the new Windows 8 phones are absolutely beautiful. To be honest, I wasn't expecting too much from them, because Microsoft had been so far behind the eight ball with the Windows Phone 7 devices that lacked so many of the very basic things I wanted from a smart phone (swappable microSD to make storage expandability easy, multiple core processor support, big screens, and most important of all, 4G). I was afraid Windows Phone 8 would bring only incremental improvements. However, I've had a chance to try out the Nokia and HTC phones and Tom even bought one of the Nokia phones and he loves it! He was a dyed in the wool Android fan before his Nokia 822, but now is switching over to the Windows Phone.

As for me, I have to confess: I'm still in the Android camp. There are still a few issues that prevent me from going "all in" with the Windows Phone. Microsoft is almost there, but not quite yet. My favorite Christmas present so far this year (yes, I got it early) was a Galaxy Note 2 smart phone. I got the Note 10.1 tablet for my birthday a couple of months ago. Both of them are fantastic devices and I highly recommend them to you if you're in the market for an Android tablet and/or smart phone.

Tom is holding out for the Microsoft Surface. As a full time employee, he'll be getting one from Microsoft for free, but he has to wait until January – and it's not the Pro version. It'll be interesting to see how the Surface RT works. I love Windows 8 on my laptop and workstations, so I think I'll love it on a tablet, too. But, I'm not sure how the limitations of RT will affect my enjoyment. I'll see what happens with Tom's RT Surface before I make up my mind, but I'm thinking I'll probably pass RT by and get a "real" Windows 8 tablet. My son went out and bought a Lenovo Yoga 13 the week after Windows 8 was released and he loves it. I have my eyes on a couple of smaller devices: the Sony Duo 11 and the Samsung ATIV Smart PC Pro. Maybe Santa will see fit to leave one of those under my tree.

I hope you get the tech toys you want this holiday season. I'll be going to CES 2013 in January and I'll report back on any innovative new devices I see there. Thanks to all of you for reading this newsletter month after month, and if there are topics related to TMG that you'd like me to talk about in the future, please let me know. Whichever holiday you celebrate, have a wonderful one, along with a Happy New Year!

See you next month! – Deb.

dshinder@isaserver.org

=======================
Quote of the Month - If you can, help others; if you cannot do that, at least do not harm them. – Dalai Lama
=======================


2. ISA Server 2006 Migration Guide - Order Today!
--------------------------------------------------------------

Dr. Tom Shinder's best selling books on ISA Server 2000 and 2004 were the "ISA
Firewall Bibles" for thousands of ISA Firewall administrators. Dr. Tom and his
illustrious team of ISA Firewall experts now present to you ISA Server 2006
Migration Guide
<http://www.amazon.com/exec/obidos/ASIN/1597491993/isaserver1-20/>. This book
leverages the over two years of experience Tom and his team of ISA Firewall
experts have had with ISA 2006, from beta to RTM and all the versions and builds
in between. They've logged literally 1000's of flight hours with ISA 2006 and
they have shared the Good, the Great, the Bad and the Ugly of ISA 2006 with
their no holds barred coverage of Microsoft's state of the art stateful packet
and application layer inspection firewall.

Order your copy of ISA Server 2006 Migration Guide
<http://www.amazon.com/exec/obidos/ASIN/1597491993/isaserver1-20/>. You'll be
glad you did.


3. ISAserver.org Learning Zone Articles of Interest
--------------------------------------------------------------

Considerations for Replacing your TMG Firewall (Part 1)
http://www.isaserver.org/tutorials/Considerations-Replacing-TMG-Firewall-Part1.html

Microsoft Forefront UAG - Configuring Forefront UAG as a DirectAccess Server (Part 2)
http://www.isaserver.org/tutorials/Microsoft-Forefront-UAG-Configuring-Forefront-UAG-DirectAccess-Server-Part2.html

Comprehensive Overview of Web and Server Publishing Rules in TMG 2010 (Part 10)
http://www.isaserver.org/tutorials/Comprehensive-Overview-Web-Server-Publishing-Rules-TMG-2010-Part10.html

Implementing Secure Remote Access with PPTP and Forefront Threat Management Gateway (TMG) 2010 (Part 2)
http://www.isaserver.org/tutorials/Implementing-Secure-Remote-Access-PPTP-Forefront-Threat-Management-Gateway-TMG-2010-Part2.html

Comprehensive Overview of Web and Server Publishing Rules in TMG 2010 (Part 9)
http://www.isaserver.org/tutorials/Comprehensive-Overview-Web-Server-Publishing-Rules-TMG-2010-Part9.html

Implementing Secure Remote Access with PPTP and Forefront Threat Management Gateway (TMG) 2010 (Part 1)
http://www.isaserver.org/tutorials/Implementing-Secure-Remote-Access-PPTP-Forefront-Threat-Management-Gateway-TMG-2010-Part1.html

GFI WebMonitor for ISA/TMG Voted ISAserver.org Readers' Choice Award Winner - Monitoring & Administration
http://www.isaserver.org/news/ISAserver-Readers-Choice-Award-Monitoring-Administration-GFI-WebMonitor-for-ISA-TMG-Sep12.html

Microsoft Forefront UAG - Configuring Forefront UAG as a DirectAccess Server (Part 1)
http://www.isaserver.org/tutorials/Microsoft-Forefront-UAG-Configuring-Forefront-UAG-DirectAccess-Server-Part1.html


4. ISA/TMG/UAG Content of the Month
---------------------------------------------------------------

Did you know that TMG has an account lockout feature that gives you the ability to lock accounts on TMG at the local level before accounts are locked out in the domain? If not, you should! This is a great feature that can thwart attackers who are trying to DoS user accounts by brute forcing authentication attempts at the firewall. The TMG Firewall Team has done a great blog post on this. Check it out at http://blogs.technet.com/b/isablog/archive/2012/11/01/using-the-account-lockout-feature-in-tmg-2010.aspx


5. Tip of the Month
--------------------------------------------------------------

With all the talk about the cloud these days, the subjects of high availability and scalability are more important than ever before. But HA doesn't come out of just "doing stuff". You have to carefully plan for it and then execute on that plan. Check out this article I wrote that will help you in the planning and design process - http://www.isaserver.org/tutorials/Planning-High-Availability-Scalability-TMG-Deployment.html


6. ISA/TMG/IAG/UAG Link of the Month
--------------------------------------------------------------

There is a great article by our own Jason Jones over on the TechNet wiki that you need to take a look at. In this article, Jason talks about the recommended network adapter configuration for the NICs in the TMG firewall. That might seem like a no-brainer, but it's not. Check it out at http://social.technet.microsoft.com/wiki/contents/articles/recommended-network-adapter-configuration-for-forefront-tmg-standard-edition-servers.aspx


7. Blog Posts
--------------------------------------------------------------

The KEMP ESP – Edge Security Pack
http://blogs.isaserver.org/shinder/2012/12/05/the-kemp-esp-%E2%80%93-edge-security-pack/

Limitations of the Simplified DirectAccess Wizard
http://blogs.isaserver.org/shinder/2012/11/30/limitations-of-the-simplified-directaccess-wizard/

Congrats to Richard Hicks for being Granted TMG MVP
http://blogs.isaserver.org/shinder/2012/11/30/congrats-to-richard-hicks-for-being-granted-tmg-mvp/

Win8 Modern UI Apps and TMG Firewalls
http://blogs.isaserver.org/shinder/2012/11/30/win8-modern-ui-apps-and-tmg-firewalls/

Configuring UAG as a DirectAccess Server Series
http://blogs.isaserver.org/shinder/2012/11/30/configuring-uag-as-a-directaccess-server-series/

UAG Service Pack 3 is Possible
http://blogs.isaserver.org/shinder/2012/11/30/uag-service-pack-3-is-possible/

RDP Publishing Horked by UAG Update
http://blogs.isaserver.org/shinder/2012/11/30/rdp-publishing-horked-by-uag-update/

TMG Firewalls with NLB and Hyper-V
http://blogs.isaserver.org/shinder/2012/11/30/tmg-firewalls-with-nlb-and-hyper-v/

Web Site Published by UAG Doesn't Render Completely
http://blogs.isaserver.org/shinder/2012/11/30/web-site-published-by-uag-doesnt-render-completely/

TMG and UAG Updates for Exchange 2013
http://blogs.isaserver.org/shinder/2012/11/30/tmg-and-uag-updates-for-exchange-2013/


8. Ask Sgt Deb
--------------------------------------------------------------

QUESTION:

Hello Deb,

I really enjoyed your articles about Microsoft Direct Access.

I have a question for you. We are a global company with 40,000 employees and about 20,000 remote access users in 5 different AD domains. Currently we are using a Juniper VPN for our remote users to have access to us.

We are now however considering Direct Access.

In your opinion, do you think that we should try to roll out Direct Access using the current version on Windows Server 2008 R2 using a Unified Access Gateway, or, would you suggest that we wait for Server 2012? It looks like 2012 might be much easier. Thanks! –Jay S.


ANSWER:

Hi Jason,
That answer used to be easy. UAG DirectAccess was definitely a better solution than the DirectAccess that came with Windows Server 2008 R2. The reason for this is that UAG DirectAccess supported NAT64/DNS64 and high availability and load balanced arrays. However, there were some problems with multiple domains with the UAG firewall and it was a complex configuration.

In contrast, the Windows Server 2012 DirectAccess has a lot more to offer. It includes everything you would have had with the UAG DirectAccess, but it also supports multiple domains right out of the box and also has some very cool multi-homing features so that clients can be configured to connect to the DirectAccess server or array that is closest to them. Performance for the IP-HTTPS protocol has also been significantly improved. All in all, you can't go wrong with the Windows Server 2012 DirectAccess solution and I highly recommend it. –Deb.

Do you have any questions or ideas for content? Email me on dshinder@isaserver.org.


TechGenix Sites
--------------------------------------------------------------

MSExchange.org <http://www.msexchange.org/>
WindowSecurity.com <http://www.windowsecurity.com/>
WindowsNetworking.com <http://www.windowsnetworking.com/>
VirtualizationAdmin.com <http://www.virtualizationadmin.com/>
WServerNews.com <http://www.wservernews.com/>

--

Visit the Subscription Management <http://www.techgenix.com/newsletter/>
section to unsubscribe.
ISAserver.org is in no way affiliated with Microsoft Corp.
http://www.techgenix.com/advert/index.htm for sponsorship
information or contact us at advertising@isaserver.org
Copyright © ISAserver.org 2012. All rights reserved.
