You can provide secure access to cloud services while maintaining business continuity using Forefront Threat Management Gateway 2010.
There are still concerns about moving to cloud computing, and security is at the top of the list. As you plan your company’s migration to the cloud, you want to ensure that your current business is not interrupted. Your users need continuous, secure and highly available access to their business applications, which are now hosted in cloud services.
There are other concerns as well. What if all my internal clients can’t access the cloud? Now that my e-mail system is on the cloud, what will happen if there’s an interruption in Internet access? As more people are required to stay connected to the Internet to access our cloud services, what should we do to guarantee security and productivity? These are common questions as you plan your migration to the cloud. The answers will shape the future deployment for the company.
While security and availability are the greatest concerns for companies moving to the cloud, cost savings is certainly the biggest driver. Cloud computing can help you achieve cost savings in new ways like adopting a “pay per usage” scheme or reducing datacenter facility costs.
Most companies need to be able to rapidly scale up or down and deliver a rich experience across all devices (including PCs, mobile devices and browsers), and they need to do so without compromising data security. Forefront Threat Management Gateway (TMG) 2010 can help you securely access the cloud services and productivity tools you and your user community need to continue doing business.
For most businesses, migrating to the cloud starts by moving various business functions like productivity tools. This includes e-mail, team collaboration Web sites, instant messaging/videoconferencing and content-creation applications. These productivity tools are the engine of your business, so they need to be available at all times, whether your user is at their desk or working remotely from a hotel or a customer’s site (see Figure 1).
Figure 1 Office 365 is the Microsoft Cloud solution for business productivity
Let’s examine a hypothetical situation using a fictional company called Contoso. We’ll follow Contoso through the steps of planning and migrating to the cloud. The company is planning to move all of its business-productivity tools to the cloud. The first phase of the project is to use Exchange Online to move the e-mail system to the cloud for employees located in the United States.
There are four core prerequisites for this first phase (see Figure 2):
Figure 2 These four pillars must be in place for the first phase
Forefront TMG 2010 can meet Contoso’s requirements for Phase 1 of the migration (see Figure 3). In order to comply with the high-availability requirements, use the following Forefront TMG 2010 features:
Figure 3 Leveraging the high-availability features in Forefront TMG 2010
Exchange Online services include antivirus and anti-spam features. Still, Contoso wants to ensure its users are protected when they browse sites reached from the e-mail system, so it’s using a multilayered approach (see Figure 4).
Figure 4 Leveraging Forefront TMG 2010 HTTPS Inspection feature to protect on-premises resources
This multilayer approach lets you leverage the power of the cloud while protecting the on-premises client from potential threats that are coming from the Internet:
This first phase of Contoso’s migration covers only users located in the United States. Because each branch office has autonomy over its daily operations, the company needs to let local branches control their own traffic while remaining bound to company rules and policies. To achieve this goal, deploy Forefront TMG 2010 in a multi-array scenario, with company policies enforced at the enterprise level (see Figure 5).
Figure 5 Allowing autonomy to each branch office while maintaining central company policy enforcement
This model provides a central management view for all arrays within the enterprise. It also helps with corporate policy enforcement. When you apply changes to the firewall policy or network rules, Forefront TMG ensures all existing client connections comply with the new policy or rules. It will also terminate connections that aren’t allowed.
A worker using the new e-mail system must remain focused on productivity, so you need to minimize potential distractions. You also need to block users from reaching malicious sites, in accordance with company policy. The Forefront TMG 2010 URL Filtering feature uses a cloud-based service called Microsoft Reputation Service to categorize the URLs a user is trying to access (see Figure 6).
Figure 6 Using Forefront TMG 2010 URL Filtering to improve information worker experience
Here’s how the process works:
If the employee thinks this site shouldn’t have been blocked, they can temporarily browse the Web site and notify the administrator that the site was misclassified.
There are other features in Forefront TMG that can help with cloud deployment scenarios. Caching is one example. Forefront TMG can cache HTTP and HTTPS data from your cloud applications. This saves bandwidth and improves the user experience by reducing the latency of cloud requests.
Forefront TMG can also help with cloud deployments by integrating its BranchCache capability with Windows Server 2008 R2. To demonstrate this, we’ll assume the second phase of the Contoso cloud migration includes the Office Web Plus for clients located in some branch offices (see Figure 7).
Figure 7 Using the Forefront TMG 2010 BranchCache capability to assist cloud migration of resources located in the branch office
Here’s an outline of how BranchCache can help with remote office cloud services:
As you can see, the more clients that use cloud-based objects, the more the cache will grow. Those objects will be accessed many times during the day. With Forefront TMG caching those objects, the company can save bandwidth while increasing access speed.
While security remains the primary concern for companies considering a move to the cloud, Forefront TMG 2010 can provide a secure Web gateway. With the security concerns resolved, you can focus on the real reason your company moved to the cloud in the first place: cost savings.