Planning for Forefront TMG server high availability and scalability

Published: November 15, 2009

Updated: February 1, 2011

Applies To: Forefront Threat Management Gateway (TMG)

This topic is designed to help you plan your Forefront TMG deployments according to your availability and scalability needs, by using a Forefront TMG array or a number of arrays.

Forefront TMG arrays provide:

  • High availability—To ensure operational continuity of the Forefront TMG deployment, including during the downtime of one or more of the Forefront TMG servers in the deployment. Forefront TMG configuration settings across all servers in the array are identical, thus providing uninterrupted service during failover of one or more array members.

  • Scalability—To meet increasing performance demands. For example, with a growing number of users, or users wishing to increase their Internet activities, additional network bandwidth is required. When your organization’s needs grow, you can easily upgrade from a deployment of a single Forefront TMG to a Forefront TMG array, increase the number of members in an existing array, or increase the numbers of arrays.

  • Distributed, persistent caching—Keeps all servers updated with the latest array manager configuration, thus enabling users to designate a new array manager on demand. The information is persistent, and is retained during the downtime of one or more of the Forefront TMG servers in the deployment.

Multiple-server arrays are only supported in Forefront TMG Enterprise. Forefront TMG Standard supports a single-server array only. For more information, see About the Forefront TMG Editions.

The following sections describe:

  • About Forefront TMG arrays

  • Load balancing Forefront TMG servers in an array

About Forefront TMG arrays

A Forefront TMG array is a collection of Forefront TMG servers that are managed centrally, via a single management interface. When you create a Forefront TMG array, the following configuration settings are stored in a central location:

  • Array configuration settings, which are relevant for, and shared by, all members of the array.

  • Server configuration settings, which are relevant only for a specific array member, for each of the array members.

Forefront TMG Enterprise supports two types of arrays:

  • Standalone—Depending on the selected load balancing method, a standalone array can have up to 50 Forefront TMG servers managed by one of the array members that acts as the array manager; for more information about load balancing, see Load balancing Forefront TMG servers in an array. Use this type of array if Forefront TMG is deployed in a single logical location, and handles a medium traffic load.

  • EMS-managed—An Enterprise Manager Server (EMS) can manage up to 200 Forefront TMG arrays, each holding up to 50 Forefront TMG servers. Once you have set up an EMS-managed array, you can replicate its settings and manage up to 15 EMS-managed arrays using the same settings, thus enabling central management of up to 150,000 Forefront TMG servers.

    You can use an EMS-managed array in the following deployment scenarios:

    • Forefront TMG is deployed in a single logical location, and handles a high traffic load.

    • Forefront TMG is deployed in multiple locations. In this scenario, EMS is used for central management of multiple locations, including locations with relatively low traffic loads; for example, a branch office deployment.

Load balancing Forefront TMG servers in an array

Load balancing distributes network traffic among array members, so that the load is spread across all available servers. You can use Network Load Balancing (NLB), or a third-party hardware load balancer, to load balance traffic among Forefront TMG array members, as follows:

  • NLB—This optional Windows Server 2008 feature is integrated into Forefront TMG. NLB tools are a prerequisite for the installation of Forefront TMG (as described in System requirements for Forefront TMG); you can configure NLB directly in the Forefront TMG Management console. In a Forefront TMG array, NLB supports load balancing across up to eight array members. This method for implementing load balancing provides a number of advantages:

    • Cost savings, as no hardware device needs to be purchased.

    • Simplified management and monitoring, as NLB can be managed directly in the Forefront TMG Management console. You can easily apply the NLB configuration to all array members.

    • Ease of node management, as nodes can be managed and drained via the Forefront TMG Management console.

    • Firewall rules and settings are configured automatically.

    Using integrated NLB is the recommended method for implementing NLB in Forefront TMG. It enables you to take advantage of the benefits of central management, configuration, maintenance, and troubleshooting, which are not available if you configure NLB directly via the Windows-based NLB tools.

  • Third-party hardware load balancer—The load balancer you select must support IP affinity.
