Wednesday, October 26, 2011

ISAserver.org Monthly Newsletter of October 2011

-------------------------------------------------------
ISAserver.org Monthly Newsletter of October 2011
Sponsored by: Wavecrest
<http://www.wavecrest.net/>
-------------------------------------------------------

Welcome to the ISAserver.org newsletter by Debra Littlejohn Shinder, MVP. Each month we will bring you interesting and helpful information on ISA Server. We want to know what all *you* are interested in hearing about. Please send your suggestions for future newsletter content to dshinder@isaserver.org


1. TMG Firewalls in the Private Cloud
--------------------------------------------------------------

Resistance is futile: the cloud is coming to your datacenter. It might not be today, it might not be tomorrow and it might not even be next year – but clouds are the future. The idea of cloud computing is taking IT by storm and there's nothing we can do to stop it. The good news is that cloud can actually be a good thing and by getting on board the cloud bandwagon, we can extend our careers and add tremendous value to our organizations.

The journey to the cloud is going to start with the private cloud. If you're new to private cloud, then you should check out the Private Cloud Solutions Hub on the Microsoft TechNet site. <http://technet.microsoft.com/en-us/cloud/private-cloud> There you will find key information on private cloud architecture and learn how private clouds should be architected and designed. You'll also get to read a lot of great content that was written by my husband, Tom Shinder.

Once you get up to speed in the basics of private cloud technologies, you'll want to consider how you can use the TMG firewall to optimize your private cloud network security. There are several roles I'd suggest you consider for the TMG firewall in the private cloud. Some of these include:

* Edge firewall
* Internal firewall that controls which traffic can move between virtual networks within the private cloud
* Internal firewall that controls which traffic can move between virtual networks and internal networks on the corporate network
* Internal firewall that controls which traffic can move between virtual networks and the Internet

If those roles look familiar, it's because they are. Essentially, the TMG firewall will perform the same duties it does in your datacenter today, but it will run in the private cloud as virtual instances. The challenge we have with private cloud is that when we put workloads into the private cloud, they can move around and be on any machine that is hosting virtual machines in the virtual server array or cluster. This can be problematic, because the TMG firewall virtual machine might be hosted on the same virtual server host that is also hosting a database workload or a messaging workload. This co-locating of resources in different security zones is a bad security design and it's something that you'll need to consider as you move your TMG firewall to the private cloud.

There are other considerations as well. You can find information on a number of security issues you need to consider when virtualizing the TMG firewall in a great article authored by Jim Harrison and Gershon Levitz over at http://technet.microsoft.com/en-us/library/cc891502.aspx. If you want to learn more about private cloud security in general, then jump on over to the TechNet Wiki and read about private cloud security architecture at http://social.technet.microsoft.com/wiki/contents/articles/3794.aspx.

Finally, before we finish for the month, I want to let you know that TMG Service Pack 2 is now available! I haven't had time to install it yet so I can't tell you what my experiences with it have been, but I'll share my experiences with SP2 next month. You can find SP2 over at http://www.microsoft.com/download/en/details.aspx?id=27603

See you next month! - Deb.
dshinder@isaserver.org

=======================
Quote of the Month - "Speakers who talk about what life has taught them never fail to keep the attention of their listeners." – Dale Carnegie
=======================


2. ISA Server 2006 Migration Guide - Order Today!
--------------------------------------------------------------

Dr. Tom Shinder's best selling books on ISA Server 2000 and 2004 were the "ISA
Firewall Bibles" for thousands of ISA Firewall administrators. Dr. Tom and his
illustrious team of ISA Firewall experts now present to you, ISA Server 2006
Migration Guide
<http://www.amazon.com/exec/obidos/ASIN/1597491993/isaserver1-20/>. This book
leverages the over two years of experience Tom and his team of ISA Firewall
experts have had with ISA 2006, from beta to RTM and all the versions and builds
in between. They've logged literally 1000's of flight hours with ISA 2006 and
they have shared the Good, the Great, the Bad and the Ugly of ISA 2006 with
their no holds barred coverage of Microsoft's state of the art stateful packet
and application layer inspection firewall.

Order your copy of ISA Server 2006 Migration Guide
<http://www.amazon.com/exec/obidos/ASIN/1597491993/isaserver1-20/>. You'll be
glad you did.


3. ISAserver.org Learning Zone Articles of Interest
--------------------------------------------------------------

* Secure CDP publishing with Forefront TMG and the HTTP-filter
http://www.isaserver.org/tutorials/Secure-CDP-publishing-Forefront-TMG-HTTP-filter.html

* Test Lab Guide: Demonstrate Site to Site VPN with Threat Management Gateway 2010 (Part 4)
http://www.isaserver.org/tutorials/Test-Lab-Guide-Demonstrate-Site-to-Site-VPN-Threat-Management-Gateway-2010-Part4.html

* Configuring Web Proxy Automatic Discovery (WPAD) in Forefront Threat Management Gateway (TMG) 2010
http://www.isaserver.org/tutorials/Configuring-Web-Proxy-Automatic-Discovery-WPAD-Forefront-Threat-Management-Gateway-TMG-2010.html

* Test Lab Guide: Demonstrate Site to Site VPN with Threat Management Gateway 2010 (Part 3)
http://www.isaserver.org/tutorials/Test-Lab-Guide-Demonstrate-Site-to-Site-VPN-Threat-Management-Gateway-2010-Part3.html

* Troubleshooting Forefront TMG
http://www.isaserver.org/tutorials/Troubleshooting-Forefront-TMG.html

* Test Lab Guide: Demonstrate Site to Site VPN with Threat Management Gateway 2010 (Part 2)
http://www.isaserver.org/tutorials/Test-Lab-Guide-Demonstrate-Site-to-Site-VPN-Threat-Management-Gateway-2010-Part2.html

* Intrusion Detection and Prevention in Forefront TMG (Part 2) - Network Inspection System
http://www.isaserver.org/tutorials/Intrusion-Detection-Prevention-Forefront-TMG-Part2.html

* ADVSoft ProxyInspector for ISA Server Voted ISAserver.org Readers' Choice Award Winner - Reporting
http://www.isaserver.org/news/ISAserver-Readers-Choice-Award-Reporting-ADVSoft-ProxyInspector-for-Microsoft-ISA-Server-Jul11.html


4. ISA/TMG/UAG Content of the Month
---------------------------------------------------------------

Do you know about the TechNet wiki? If not, then you're in for a treat! The TechNet wiki is a relatively new member of the TechNet family of web sites that provide you great technical content. The thing that's different about the TechNet wiki is that anyone (yes, including you!) can add new content and anyone can edit existing content. This allows everyone to get in the game and create articles so we can all help each other. One of the best pages on the site is the Forefront Threat Management Gateway (TMG) 2010 Survival Guide, which you can find at http://social.technet.microsoft.com/wiki/contents/articles/2316.aspx

The guide has information that will help you get started with the TMG firewall as well as information that will help you after you're running the firewall in your datacenter. Yuri Diogenes manages this page and I guarantee that you'll find something useful there. And if you want to add to the page and make it even better, then go for it!


5. Tip of the Month
--------------------------------------------------------------

So you got your first TMG firewall up and running and it's working great and protecting you from external attackers and web based malware. Now you're ready for the next step – you want to scale your TMG firewall solution and make it highly available. How are you going to get there? By using the High Availability and Scalability Design Guide for Forefront Threat Management Gateway 2010. You can find the guide at http://technet.microsoft.com/en-us/library/dd896997.aspx This information will kick start your efforts at scaling out your TMG firewall solution and will also give you the information you need to make it highly available.


6. ISA/TMG/IAG/UAG Links of the Month
--------------------------------------------------------------

Test button errors when publishing SharePoint

The "Test" button was first introduced with ISA 2006 in a service pack and it's proven pretty useful over the years. However, sometimes it doesn't do what you thought it was going to do and it will throw out some interesting and perplexing errors. In this article, Jason Jones describes a situation where the Test button results report errors on one or more paths when publishing SharePoint. Check it out at http://blog.msedge.org.uk/2011/09/forefront-tmg-web-publishing-rule-test.html

Five Reasons to install TMG SP2

As mentioned in the editorial, Service Pack 2 for TMG is available now. But should you install it? What are you going to get out of it? Find out from Yuri Diogenes; in his blog post, he provides five reasons that should make you want to deploy TMG service pack 2. Check it out at http://blogs.technet.com/b/yuridiogenes/archive/2011/10/14/five-reasons-you-should-apply-forefront-tmg-2010-sp2.aspx


7. Blog Posts
--------------------------------------------------------------

* DNS Security Enhancements and Web Proxy Auto Discovery
http://blogs.isaserver.org/shinder/2011/09/26/dns-security-enhancements-and-web-proxy-auto-discovery-2/

* Overview of Windows Security Tools
http://blogs.isaserver.org/shinder/2011/09/26/overview-of-windows-security-tools/

* Fastvue for Real Time Analytics for TMG Firewalls
http://blogs.isaserver.org/shinder/2011/09/26/fastvue-for-real-tiime-analytics-for-tmg-firewalls/

* Ain't nuthin regular about regular expression!
http://blogs.isaserver.org/shinder/2011/09/26/aint-nuthin-regular-about-regular-expression/

* From End to Edge and Beyond–Episode 7: All About FOPE
http://blogs.isaserver.org/shinder/2011/09/26/from-end-to-edge-and-beyondepisode-7-all-about-fope/

* From End to Edge and Beyond–Episode 8: Miha Pihler Secures Exchange with TMG
http://blogs.isaserver.org/shinder/2011/09/26/from-end-to-edge-and-beyondepisode-8-miha-pihler-secures-exchange-with-tmg/

* Forefront Pricing and Licensing Guide
http://blogs.isaserver.org/shinder/2011/09/26/forefront-pricing-and-licensing-guide/

* Forefront Threat Management Gateway - Workgroup Configuration with Exchange 2010
http://blogs.isaserver.org/shinder/2011/09/26/forefront-threat-management-gateway-workgroup-configuration-with-exchange-2010/

* Performance Analysis of Logs Tool
http://blogs.isaserver.org/shinder/2011/09/26/performance-analysis-of-logs-tool/

* TMG initiates active FTP connections to external servers even though it's configured for passive FTP - a problem with FTP over HTTP
http://blogs.isaserver.org/shinder/2011/09/26/tmg-initiates-active-ftp-connections-to-external-servers-even-though-its-configured-for-passive-ftp-a-problem-with-ftp-over-http/


8. Ask Sgt Deb
--------------------------------------------------------------

* QUESTION:

Hi Deb,

I'm pulling out my hair regarding the start up times for my TMG firewalls. Many of them are taking over 20 minutes to start up during a reboot. I can't live like this! Please help me as life is too short to wait over 20 minutes to reboot my TMG firewall arrays. Thanks! – Harold.

ANSWER:

Whoa, Harold. Calm down and take a deep breath. I know how frustrating it is because I've had to deal with this slow startup issue myself on many occasions – but not everyone can pull off the bald look as well as Patrick Stewart does. The good news is that I have a real solution for you. All you need to do is install TMG Service Pack 2. After that you should see startup times of less than five minutes. You can download TMG SP2 over at http://www.microsoft.com/download/en/details.aspx?id=27603 Have fun! – Deb.

Do you have any questions or ideas for content? Email me on dshinder@isaserver.org.


TechGenix Sites
--------------------------------------------------------------

MSExchange.org <http://www.msexchange.org/>
WindowSecurity.com <http://www.windowsecurity.com/>
WindowsNetworking.com <http://www.windowsnetworking.com/>
VirtualizationAdmin.com <http://www.virtualizationadmin.com/>

ISAserver.org is in no way affiliated with Microsoft Corp.
Copyright © ISAserver.org 2011. All rights reserved.