PDF File(348 kb)Deployment Scenarios: Microsoft TMG Standard (nTMG), TMG Enterprise (nTMGE), TMG Branch Office (nTMGB)series Appliances

Overview

TMG Server 2010 Appliance (nTMG or nTMGE Series) provides value to IT managers, network administrators, and information security professionals who are concerned about the security, performance, manageability, or reduced cost of network operations. TMG Server 2010 Appliance (nTMG or nTMGE Series) can help you:

  1. Defend Against External and Internal Web-Based Threats. TMG Server 2010 Appliance (nTMG or nTMGE Series) was engineered to deliver stronger security to manage and protect your networks.
  2. Securely Publish Content for Remote Access. TMG Server 2010 Appliance (nTMG or nTMGE Series) helps streamline the implementation providing security for corporate applications accessed over the Internet.
  3. Connect and Secure Branch Offices. TMG Server 2010 Appliance (nTMG or nTMGE Series) provides a robust way to securely expand corporate networks reducing network costs by leveraging existing network connections.

1. Defending Your Environment Against External and Internal Internet-Based Threats

Businesses need to eliminate the damaging effects of malware and attackers through a comprehensive set of tools for scanning and blocking harmful content, files, and Web sites. TMG Server 2010 Appliance (nTMG or nTMGE Series) can help organizations protect their environments from internally and externally originating Internet-based threats. With a hybrid proxy-firewall architecture, deep content inspection, granular policies, and comprehensive alerting and monitoring capabilities, TMG Server 2010 Appliance (nTMG or nTMGE Series) makes it easier to manage and protect your network. Read more about Internet Access Protection Internet Access Protection with TMG Server 2010 Appliance (nTMG or nTMGE Series).

Smaller Size Deployment (nTMG)

Smaller Size Deployment (nTMG):

  • TMG Server Appliance Series Type: nTMG Series (more)
  • Disadvantage (Fail-Over): No support for Active-Active Failover Appliance Configuration for High Availability
  • Appliance Cost: Low. $4K+ for an Entry Level Model - 1500S (more)
Medium-Large Size Deployment (nTMGE)

Medium-Large Size Deployment (nTMGE):

  • Based On TMG Server Appliance: nTMGE Series (more)
  • Advantages (Fail-Over): Support for Active-Active Failover Appliance Configuration for High Availability, Unlimited Scalability through NLB Clustering
  • Appliance Cost: High. $10K+ for an Entry Level Model - 1500E (more)

2. Securely Publishing Your Content for Remote Access

Businesses need to provide employees and partners with secure and appropriate remote access to applications, documents, and data from any PC or device.

TMG Server 2010 Appliance (nTMG or nTMGE Series) enables organizations to make their Exchange, SharePoint, and other Web application servers accessible in a more secure way to remote users outside the corporate network. By pre-authenticating users before they gain access to any published servers, inspecting even encrypted traffic at the application layer in a stateful manner, and providing automated publishing tools, TMG Server 2010 Appliance (nTMG or nTMGE Series) makes it easier to provide security for corporate applications accessed over the Internet. Read more about Secure Remote Access with TMG Server 2010 Appliance (nTMG or nTMGE Series).

Smaller Size Deployment (nTMG)

Smaller Size Deployment (nTMG):

  • TMG Server Appliance Series Type: nTMG Series (more)
  • Client Type: Windows VPN Client Built-In, PPTP/L2TP
  • Disadvantage (SSL/VPN): No-SSL VPN, NAC (End-Point Security) or Granular Resource Access Built-In
  • Disadvantage (Fail-Over): No support for Active-Active Failover Appliance Configuration for High Availability
  • Appliance Cost: Low. $4K+ for an Entry Level Model - 1500S (more)
Smaller Size Deployment (nTMG)

Medium-Large Size Deployment (nTMGE):

  • TMG Server Appliance Series Type: nTMGE Series (more)
  • Client Type: Windows VPN Client Built-In, PPTP/L2TP
  • Disadvantages (SSL/VPN): No-SSL VPN, NAC (End-Point Security) or Granular Resource Access Built-In
  • Advantages (Fail-Over): Support for Active-Active Failover Appliance Configuration for High Availability, Unlimited Scalability through NLB Clustering (more)
  • Appliance Cost: High. $10K+ for an Entry Level Model - 1500E (more)
Smaller Size Deployment (nTMG)

Medium-Large Size Deployment (Additional nUAG Appliance):

  • UAG Server Appliance Series Type: nUAG Series (more)
  • Advantages (SSL/VPN): Clientless SSL VPN Access, NAC (End-Point Security) and Granular Resource Access Built-In
  • Advantages (Fail-Over): Support for Active-Passive Failover Appliance Configuration, Unlimited Scalability through built-in Clustering support
  • Appliance Cost: Requires additional dedicated Appliance, $5K+ for an Entry Level Model - 1500U (more)

Note: UAG is a standalone appliance, it is not available as software add-on option with a nTMG or nTMGE as a single-appliance package (more)

3. Connecting and Securing Your Branch Offices

Businesses need to connect remote-site branch offices to their corporate headquarters, provide security-enhanced Internet access from branch offices and utilize limited bandwidth more efficiently.

Organizations can use TMG Server 2010 Appliance (nTMG or nTMGE Series) to connect to and secure their branch offices, while efficiently utilizing network bandwidth. By providing HTTP compression, caching of content (including software updates) and site-to-site virtual private network (VPN/IPSec) capabilities integrated with application-layer filtering, TMG Server 2010 Appliance (nTMG or nTMGE Series) makes it easier to securely expand corporate networks. Read more about Branch Office Security with TMG Server 2010 Appliance (nTMG or nTMGE Series).

Smaller Size Deployment (nTMG)

Smaller Size Deployment (nTMG):

  • TMG Server Appliance Series Type: nTMG Series (more)
  • Disadvantage (Policy-Management): No Centralized Management, Configuration Sets are stored locally on each of the appliances, managed through manual export and import of policies.
  • Disadvantage (Fail-Over): No support for Active-Active Failover Appliance Configuration for High Availability
  • Appliance Cost: Low. Two Appliances 8K+ ($4Kx2) for an Entry Level Model - 1500S (more)
Smaller Size Deployment (nTMG)

Medium-Large Size Deployment (nTMGE):

  • TMG Server Appliance Series Type: nTMGE Series (more)
  • Advantages (Policy-Management): Centralized Management of policies and easily deployed over large number of branch office, Easiest deployment for large number of branch office appliances.
  • Advantages (Fail-Over): Support for Active-Active Failover Appliance Configuration for High Availability , Unlimited Scalability through NLB Clustering for both nTMGE/B (Branch) appliances and, nTMGE (Enterprise) appliance
  • Appliance Cost: High. Requires two appliances. $10K+ for an Entry Level Model - 1500E (Corporate Data Center) and $5K+ for an Entry Level Model - 1500B (Branch Office); Total $15K+ (more)

Compare nTMG, nTMGE and nTMGB Series Appliances

Review and Compare the different editions of Microsoft Threat Management Gateway (TMG) 2010

TMG 2010 provides robust, effective, and easy-to-use integrated security. Three versions are available: TMG Server 2010 Standard Edition (nTMG Series), TMG Server 2010 Enterprise Edition (nTMGE Series) and TMG Server 2010 Branch Office Edition (nTMGB Series).

The Following table compares and contrasts the key features of three editions.

  Business Standalone Corporate Datacenter Corporate Branch Office
Microsoft Forefront Threat Management Gateway 2010 TMG Standard Edition TMG Enterprise Edition TMG Branch-Office Edition
       
Deployment Type:      
Business Type SMB Enterprise Branch Office
nAppliance Net-Gateway Platform Series nTMG Series nTMGE Series nTMGB Series
Supported deployment scenarios Standalone Server in a standalone array or an array managed by EMS* Server in a standalone array or an array managed by  EMS*
       
High Availability:      
NLB Arrays for Load Balancing & Failover No
Scale Out: Number of Supported TMG Server in Array 1 Unlimited 2
Non-domain joined gateway 
ISP Link redundancy 
       
Unified Threat Management Functionalities:      
Firewall - Stateful
Firewall - Application Layer      
Network IPS (NIS)
VPN (site-to-site and remote access) 
Web Proxy
Web Publishing
HTTPS inspection 
Caching , Cache Compression
NLB Arrays for CARP Support    
Web Anti-Malware Protection**
E-mail Protection***
       
Configuration Storage Server (CSS)      
Local Management of Firewall Policies and Config Settings
Remote Management of Firewall Policies and Config Settings    
       
Enterprise Management: EMS for Centralized Management      
Management of Enterprise (nTMGE) Edition Gateways    
Management of Branch (nTMGB)  Edition Gateways*    
Management of Branch  Standard (nTMG) Edition Gateway*    
       
Type of Microsoft Forefront TMG Editions Standard Enterprise (Datacenter) Branch Office
Scale Up: Processor Support Up to 4 CPU's Unlimited Up to 4 CPU's

* Requires at least one Enterprise Edition nTMGE appliance license, EMS: Enterprise Management Server
** Requires subscription;
*** Requires Exchange License