iSCSI Target for Windows Server 2008 R2

Microsoft iSCSI Software Target 3.3 for Windows Server 2008 R2 available for public download

Introduction

For the last few years, I’ve been blogging about the Microsoft iSCSI Software Target and its many uses related to Windows Server Failover Clustering, Hyper-V and other server scenarios. Today, Microsoft has made this software publicly available to all users of Windows Server 2008 R2.

The Microsoft iSCSI Software Target has been available for production use as part of Windows Storage Server since early 2007. It has also been available for development and test use by MSDN and TechNet subscribers starting in May 2009. However, until now, there was no way to use the Microsoft iSCSI Software Target in production on a regular server running Windows Server 2008 R2. This new download offers exactly that.

Now available as a public download, the software is essentially the same software that ships with Windows Storage Server 2008 R2. Windows Storage Server 2008 R2 and the public download package will be refreshed (kept in sync) with any software fixes and updates. Those updates are described at http://technet.microsoft.com/en-us/library/gg232597.aspx.

This release was preceded by intense testing by the Microsoft iSCSI Target team, especially in scenarios where the iSCSI Target is used with Hyper-V and with Windows Server Failover Clusters. We do imagine these to be amongst the most common deployment scenarios.

Testing included running the Microsoft iSCSI Software Target in a two-node Failover Cluster and configuring 92 individual Hyper-V VMs, each running a data intensive application and storing data on a single node of that iSCSI Target cluster. The exciting part of the test was to force an unplanned failure of the iSCSI Target node being used by all the VMs and verify that we had a successful failover to the other node with all 92 VMs continuing to run the application without any interruption.

How to download and install

To download the Microsoft iSCSI Software Target 3.3 for Windows Server 2008 R2, go to http://www.microsoft.com/downloads/en/details.aspx?FamilyID=45105d7f-8c6c-4666-a305-c8189062a0d0 and download a single file called “iSCSITargetDLC.EXE”. (Note: This was just released at 10AM PST on 04/04/2011, so the download might still be replicating to your closest download server. If the link does not work, try again later). This is a self-extracting archive that will show this screen when run:

Select a destination folder and click “Install”. Once it finishes, you will find a few files available to you in that folder:

If you click on the index.htm file on the main folder, you will see the welcome page with a few links to the items included:

To install the iSCSI Target on a computer running Windows Server 2008 R2, simply run the “iscsitarget_public.msi” MSI file from a command line or right-click it on Windows Explorer and choose “Install”.

Frequently Asked Questions (FAQ)

Q: Can I install the Microsoft iSCSI Software Target 3.3 on Windows Server 2008 or Windows Server 2003? A: No. The Microsoft iSCSI Software Target 3.3 can only be installed on Windows Server 2008 R2.

Q: Can I install the Microsoft iSCSI Software Target on Windows Server 2008 R2 with Service Pack 1 (SP1)? A: Yes. In fact, that’s what is recommended.

Q: Can I install the Microsoft iSCSI Software Target on a Core install of Windows Server 2008 R2? A: No. The Microsoft iSCSI Software Target 3.3 is only supported in a Full install.

Q: I don’t have a copy of Windows Server 2008 R2. Where can I get an evaluation copy? A: You can download an evaluation version of Windows Server 2008 R2 with Service Pack 1 from http://technet.microsoft.com/en-us/evalcenter/dd459137.aspx

Q: Where is the x86 (32-bit) version of the Microsoft iSCSI Software Target 3.3? A: The Microsoft iSCSI Software Target 3.3 is provided only in an x64 (64-bit) version, as is Windows Server 2008 R2.

Q: What are these “iSCSITargetClient” MSI files included in the download? A: Those are the optional VSS and VDS providers for the Microsoft iSCSI Software Target 3.3. You should install them in the same computer that runs the iSCSI Initiator if you intend to use VSS or VDS. For details on VSS, see http://blogs.technet.com/b/josebda/archive/2007/10/10/the-basics-of-the-volume-shadow-copy-service-vss.aspx. For details on VDS, see http://blogs.technet.com/b/josebda/archive/2007/10/25/the-basics-of-the-virtual-disk-services-vds.aspx.

Q: Where is the Windows Storage Server 2008 R2 documentation? A: There is some documentation inside the package. Additional documentation is available on the web at http://technet.microsoft.com/en-us/library/gg232606.aspx

Q: Can I use the Microsoft iSCSI Software Target 3.3 as shared storage for a Windows Server Failover Cluster? A: Yes. That is one of its most common uses.

Q: Can I install the Microsoft iSCSI Software Target 3.3 in a Hyper-V virtual machine? A: Yes. We do it all the time.

Q: Can I use the downloaded Microsoft iSCSI Software Target 3.3 in my production environment? A: Yes. Make sure to perform the proper evaluation and testing before deploying any software in a production environment. But you knew that already…

Q: What are the support policies for the Microsoft iSCSI Software Target 3.3 on Windows Server 2008 R2? A: The support policies are listed at http://technet.microsoft.com/en-us/library/gg983493.aspx

Links

I would recommend that you download and read my previous blog posts about the Microsoft iSCSI Software Target. Here are some of the most popular ones.

Please keep in mind that some of these posts mention previous versions of the Microsoft iSCSI Software Target that ran on different Windows Server versions. The overall guidance, however, still applies.

Conclusion

I hope you are as excited as we are about this release. Download it and experiment with it. And don’t forget to post a comment about your experience or send us your feedback.

Source: blogs.technet.com

Quick Install Exchange 2010

System Requirements

First, you need to make sure that your Active Directory (AD) environment and your Exchange server meet the minimum requirements:

  • AD forest functional level is Windows Server 2003 (or higher)   
  • AD Schema Master is running Windows Server 2003 w/SP1 or later   
  • Full installation of Windows Server 2008 w/SP2 or later OR Windows Server 2008 R2 for the Exchange server itself   
  • Exchange server is joined to the domain (except for the Edge Transport server role)

Prerequisites

In this example we are going to install Exchange 2010 on a Windows Server 2008 R2 operating system.  Before installing Exchange we need to install some Windows components.  It’s important that you don’t miss anything here because the Exchange 2010 installer does not provide very good feedback if Server 2008 R2 is missing required components.

In Exchange management shell, run the following command: Import-Module ServerManager

For a typical install with the Client Access, Hub Transport, and Mailbox roles run the following command:

Add-WindowsFeature NET-Framework,RSAT-ADDS,Web-Server,Web-Basic-Auth,Web-Windows-Auth,Web-Metabase,Web-Net-Ext,Web-Lgcy-Mgmt-Console,WAS-Process-Model,RSAT-Web-Server,Web-ISAPI-Ext,Web-Digest-Auth,Web-Dyn-Compression,NET-HTTP-Activation,RPC-Over-HTTP-Proxy -Restart

If your Exchange server will have the Client Access Server role, set the Net.Tcp Port Sharing Service to start automatically.

Open PowerShell via the icon on the task bar or Start >> All Programs >> Accessories >> Windows PowerShell >> Windows PowerShell. Be sure that PowerShell is opened with an account that has rights to modify service startup settings.

Run the following command: Set-Service NetTcpPortSharing -StartupType Automatic
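To confirm that nothing was missed before starting Exchange setup, the following check compares the feature list from the command above against what is installed and reports the start mode of the Net.Tcp Port Sharing Service. It is an added example, not part of the original post; it assumes Windows PowerShell 2.0 on Windows Server 2008 R2, and the variable names are illustrative.

```powershell
# Added example: verify the Exchange 2010 prerequisites listed above.
Import-Module ServerManager

# Feature names copied from the Add-WindowsFeature command in this post.
$required = @(
    'NET-Framework', 'RSAT-ADDS', 'Web-Server', 'Web-Basic-Auth',
    'Web-Windows-Auth', 'Web-Metabase', 'Web-Net-Ext', 'Web-Lgcy-Mgmt-Console',
    'WAS-Process-Model', 'RSAT-Web-Server', 'Web-ISAPI-Ext', 'Web-Digest-Auth',
    'Web-Dyn-Compression', 'NET-HTTP-Activation', 'RPC-Over-HTTP-Proxy'
)

# Names of the required features that are currently installed.
$installed = Get-WindowsFeature -Name $required |
    Where-Object { $_.Installed } |
    ForEach-Object { $_.Name }

# Anything requested but not installed (or not recognized) is reported as missing.
$missing = $required | Where-Object { $installed -notcontains $_ }

if ($missing) {
    Write-Warning ("Missing features: " + ($missing -join ', '))
} else {
    Write-Output "All required Windows features are installed."
}

# Get-Service in PowerShell 2.0 does not expose the start mode, so query WMI.
$svc = Get-WmiObject -Class Win32_Service -Filter "Name='NetTcpPortSharing'"
if (-not $svc) {
    Write-Warning "NetTcpPortSharing service not found."
} elseif ($svc.StartMode -ne 'Auto') {
    Write-Warning ("NetTcpPortSharing start mode is " + $svc.StartMode + "; expected Auto.")
} else {
    Write-Output "NetTcpPortSharing is set to start automatically."
}
```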

 

 

 

Then just follow the setup to finish the installation of Exchange.

Windows 8 Developer Preview Download

The Windows 8 Developer Preview is a pre-beta version of Windows 8 for developers. These downloads include prerelease software that may change without notice. The software is provided as is, and you bear the risk of using it. It may not be stable, operate correctly or work the way the final version of the software will. It should not be used in a production environment. The features and functionality in the prerelease software may not appear in the final version. Some product features and functionality may require advanced or additional hardware, or installation of other software.

Windows 8 Developer Preview English, 64-bit

DOWNLOAD (3.6 GB)

SHA-1 hash – 79DBF235FD49F5C1C8F8C04E24BDE6E1D04DA1E9

Includes a disk image file (.iso) to install the Windows 8 Developer Preview and Metro style apps on a 64-bit PC.

Note: This download does not include developer tools. You must download the Windows 8 Developer Preview with developer tools 64-bit (x64) to build Metro style apps.

Source: http://msdn.microsoft.com/en-us/windows/apps/br229516

Hibernation Windows Server/Client

Hibernation Enable/Disable

 

The hiberfil.sys file came into existence when Windows introduced a feature called hibernation. Many Windows users were initially confused by the unusual size of this mysterious file, but that is explained by how hibernation works. Hibernation is a feature that will let you save power without turning your computer off. It’s like a standby mode. It does this by momentarily freezing your system, which requires the use of memory. The memory needed to hibernate is stored in the hiberfil.sys file, which is why the file is so large. This file can be deleted from Windows Server 2008 by running a command.

To Delete Hiberfil.sys From Windows Server 2008 or Windows 7

Click on “Start,” then “Run.”

To disable:
Type “powercfg.exe /hibernate off” and then press “Enter.”

If you want to enable hibernation:

Type “powercfg.exe /hibernate on” and then press “Enter.”

Forwarding Rules Not Working Outlook 2007/2010

Automatic forwarding and Remote Domains

Remote Domains define a number of settings, such as message formats, character sets, and OOFs for messages sent to specified domains outside your Exchange organization. The default Remote Domain setting for the address space * (the asterisk character) applies to all external domains except the ones for which you’ve created a Remote Domain.

The Allow automatic forward setting for remote domains applies only to client-side forwarding using mechanisms like Inbox Rules. For instance, if a user creates a rule in Microsoft Outlook to automatically forward mail to an external email address, the default setting (for address space *) doesn’t allow it. To enable automatic client-side forwarding of mail to external addresses, select the Allow automatic forward checkbox in a remote domain’s properties.

Alternatively, you can do this from the Exchange Management Shell:

Set-RemoteDomain -Identity Default -AutoForwardEnabled $true
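Because the Default remote domain covers every external domain that has no entry of its own, it helps to see where automatic forwarding is enabled and which inbox rules rely on it. The following Exchange Management Shell commands are an added example, not part of the original post; the remote domain name "Partner" and the domain partner.example are constructed placeholders.

```powershell
# Added example for the Exchange Management Shell (Exchange 2010).

# 1. Review which remote domains currently permit client-side auto-forwarding.
Get-RemoteDomain | Select-Object Name, DomainName, AutoForwardEnabled

# 2. Allow auto-forwarding to a single named external domain by giving it its
#    own remote domain entry, instead of changing the catch-all "*" entry.
#    "Partner" and "partner.example" are constructed placeholder values.
New-RemoteDomain -Name "Partner" -DomainName "partner.example"
Set-RemoteDomain -Identity "Partner" -AutoForwardEnabled $true

# 3. List inbox rules that forward or redirect mail so they can be reviewed.
#    The mailboxes are collected first because nesting cmdlets inside a
#    running Get-Mailbox pipeline can fail in a remote Exchange session.
$mailboxes = Get-Mailbox -ResultSize Unlimited
foreach ($mbx in $mailboxes) {
    Get-InboxRule -Mailbox $mbx.DistinguishedName |
        Where-Object { $_.ForwardTo -or $_.ForwardAsAttachmentTo -or $_.RedirectTo } |
        Select-Object @{ Name = 'Mailbox'; Expression = { $mbx.PrimarySmtpAddress } },
                      Name, Enabled, ForwardTo, ForwardAsAttachmentTo, RedirectTo
}
```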

DHCP Server MAC Address based filtering

Source: blogs.technet.com

 

The DHCP Server team is excited to announce that the much appreciated and loved feature, MAC Address based filtering (previously provided by this callout dll), is now a part of Windows Server 2008 R2 DHCP Server. Check out the blog. The MAC Address filtering feature in Windows Server 2008 R2 has provision for both Allow and Deny lists, with provision for wild-cards. The Allow and Deny lists can be managed from within the DHCP MMC.

This DHCP Server Callout DLL helps administrators filter DHCP requests to the DHCP Server based on MAC address. When a device or computer tries to connect to the network, it first tries to obtain an IP address from the DHCP Server. The DHCP Server Callout DLL checks whether the device's MAC address is present in the known list of MAC addresses configured by administrators. If it is present, the device is allowed to obtain an IP address or its requests are ignored, based on the action configured by the administrator.

MAC address based filtering allows network administrators to ensure that only a known set of devices in the system are able to get an IP address from the DHCP Server. This DLL will help administrators enforce additional security in the network.

This callout DLL will help users solve either of the following problems:

  1. Allow only machines belonging to a set of MAC addresses to get an IP address from the DHCP Server.
  2. Deny machines belonging to a set of MAC addresses from getting an IP address from this server.

This callout DLL shall work on Windows 2003 Server and Windows 2008 Server.

The usage is pretty simple and explained in the setup document along with the tool.

Both the dll (MacFilterCallout.dll) and the Setup document (SetupDHCPMacFilter.rtf) are copied on to %SystemRoot%\system32 folder after installation.

Updates done since initial version:

  1. Support for 32-bit and 64-bit OSs: Works on Windows 2003 and Windows 2008 Server.
  2. Ease of setup: You do not have to copy the DLLs to obscure locations or edit the registry entries. The installer copies the files into the appropriate locations and makes the necessary registry changes.
  3. Improved documentation: Better documentation, along with a sample file.
  4. You can now specify upper case MAC addresses in the config file.
  5. You can now check the information log file for information on which addresses were allowed/denied while the DHCP server service is running.

Known Issue:

  1. This callout dll may not work on localized builds (non-English builds).

 

 

Source: blogs.technet.com

Remote Desktop Services

Remote Desktop Services in Windows Server 2008 R2, formerly known as Terminal Services in Windows Server 2008 and previous versions, is one of the components of Microsoft Windows (both server and client versions) that allows a user to access applications and data on a remote computer over a network, using the Remote Desktop Protocol (RDP). Terminal Services is Microsoft's implementation of thin-client terminal server computing, where Windows applications, or even the entire desktop of the computer running Terminal Services, are made accessible to a remote client machine. The client can either be a full-fledged computer, running any operating system as long as the terminal services protocol is supported, or a barebone machine powerful enough to support the protocol (such as Windows FLP). With terminal services, only the user interface of an application is presented at the client. Any input to it is redirected over the network to the server, where all application execution takes place.[1] This is in contrast to appstreaming systems, like Microsoft Application Virtualization, in which the applications, while still stored on a centralized server, are streamed to the client on-demand and then executed on the client machine. Microsoft changed the name from Terminal Services to Remote Desktop Services with the release of Windows Server 2008 R2 in October 2009.[2] RemoteFX is being added to Remote Desktop Services as part of Windows Server 2008 R2 SP1.

Overview

Terminal Services was first introduced in Windows NT 4.0 Terminal Server Edition. It was significantly improved for Windows 2000 and Windows Server 2003. All versions of Windows XP, except Home edition, also include a Remote Desktop server. Both the underlying protocol as well as the service was again overhauled for Windows Vista and Windows Server 2008.[3] Windows includes two client applications which utilize terminal services: the first, Remote Assistance is available in all versions of Windows XP and successors and allows one user to assist another user. The second, Remote Desktop, allows a user to log in to a remote system and access the desktop, applications and data on the system as well as control it remotely. However, this is only available in certain Windows editions. These are Windows NT Terminal Server; subsequent Windows server editions, Windows XP Professional, and Windows Vista Business, Enterprise and Ultimate. In the client versions of Windows, Terminal Services supports only one logged in user at a time, whereas in the server operating systems, concurrent remote sessions are allowed.

Microsoft provides the client software Remote Desktop Connection (formerly called Terminal Services Client), available for most 32-bit versions of Windows, including Windows Mobile, and Apple's Mac OS X, that allows a user to connect to a server running Terminal Services. On Windows, both Terminal Services client and Remote Desktop Protocol (RDP) use TCP port 3389 by default, which is editable[4] in the Windows registry. It also includes an ActiveX control to embed the functionality in other applications or even a web page.[5] A Windows CE version of the client software is also available.[1] Server versions of Windows OSs also include the Remote Desktop for Administration client (a special mode of the Remote Desktop Connection client), which allows remote connection to the traditional session 0 console of the server. In Windows Vista and later this session is reserved for services, and users always log onto session >0. The server functionality is provided by the Terminal Server component, which is able to handle Remote Assistance, Remote Desktop as well as the Remote Administration clients.[1] Third-party developers have created client software for other platforms, including the open source rdesktop client for common Unix platforms.

For an enterprise, Terminal Services allows IT departments to install applications on a central server. For example, instead of deploying database or accounting software on all desktops, the applications can simply be installed on a server and remote users can log on and use them via the Internet. This centralization makes upgrading, troubleshooting, and software management much easier. As long as employees have Remote Desktop software, they will be able to use enterprise software. Terminal Services can also integrate with Windows authentication systems to prevent unauthorized users from accessing the applications or data.

Microsoft has a long-standing agreement with Citrix to facilitate sharing of technologies and patent licensing between Microsoft Terminal Services and Citrix XenApp (formerly Citrix MetaFrame and Citrix Presentation Server). In this arrangement, Citrix has access to key source code for the Windows platform enabling their developers to improve the security and performance of the Terminal Services platform. In late December, 2004 the two companies announced a five-year renewal of this arrangement to cover Windows Vista.

 

Architecture

The server component of Remote Desktop Services is Terminal Server (termdd.sys), which listens on TCP port 3389. When an RDP client connects to this port, it is tagged with a unique SessionID and associated with a freshly spawned console session (Session 0, keyboard, mouse and character mode UI only). The login subsystem (winlogon.exe) and the GDI graphics subsystem are then initiated, which handle the job of authenticating the user and presenting the GUI. These executables are loaded in a new session, rather than the console session. When creating the new session, the graphics and keyboard/mouse device drivers are replaced with RDP-specific drivers: RdpDD.sys and RdpWD.sys. RdpDD.sys is the device driver and it captures the UI rendering calls into a format that is transmittable over RDP. RdpWD.sys acts as keyboard and mouse driver; it receives keyboard and mouse input over the TCP connection and presents them as keyboard or mouse inputs. It also allows creation of virtual channels, which allow other devices, such as disc, audio, printers, and COM ports to be redirected, i.e., the channels act as replacement for these devices. The channels connect to the client over the TCP connection; as the channels are accessed for data, the client is informed of the request, which is then transferred over the TCP connection to the application. This entire procedure is done by the terminal server and the client, with the RDP protocol mediating the correct transfer, and is entirely transparent to the applications.[6] RDP communications are encrypted using 128-bit RC4 encryption. From Windows Server 2003 onwards, it can use FIPS 140 compliant encryption schemes.[1]

Once a client initiates a connection and is informed of a successful invocation of the terminal services stack at the server, it loads up the device as well as the keyboard/mouse drivers. The UI data received over RDP is decoded and rendered as UI, whereas the keyboard and mouse inputs to the window hosting the UI are intercepted by the drivers and transmitted over RDP to the server. It also creates the other virtual channels and sets up the redirection. RDP communication can be encrypted using either low, medium or high encryption. With low encryption, user input (outgoing data) is encrypted using a weak (40-bit RC4) cipher. With medium encryption, UI packets (incoming data) are encrypted using this weak cipher as well. The setting “High encryption (Non-export)” uses 128-bit RC4 encryption and “High encryption (Export)” uses 40-bit RC4 encryption.
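The port and encryption settings described above can be read back from the RDP listener's registry key on the server. This is an added example, not part of the original article; MinEncryptionLevel, SecurityLayer and PortNumber are the value names Windows stores for the RDP-Tcp listener, and the function name Get-RdpListenerSecurity is illustrative.

```powershell
# Added example: report the local RDP listener's port and encryption settings.
function Get-RdpListenerSecurity {
    $listenerKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
    $policyKey   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

    # Meaning of the stored DWORD values.
    $encryptionNames = @{ 1 = 'Low'; 2 = 'Client Compatible'; 3 = 'High'; 4 = 'FIPS Compliant' }
    $layerNames      = @{ 0 = 'RDP Security Layer'; 1 = 'Negotiate'; 2 = 'SSL (TLS)' }

    $listener = Get-ItemProperty -Path $listenerKey
    $policy   = $null
    if (Test-Path $policyKey) { $policy = Get-ItemProperty -Path $policyKey }

    # A value set through Group Policy takes precedence over the listener's own value.
    $settings = @{}
    foreach ($name in 'MinEncryptionLevel', 'SecurityLayer') {
        if ($policy -and $policy.$name -ne $null) {
            $settings[$name] = [int]$policy.$name
        } else {
            $settings[$name] = [int]$listener.$name
        }
    }

    New-Object PSObject -Property @{
        Port               = [int]$listener.PortNumber
        MinEncryptionLevel = $encryptionNames[$settings['MinEncryptionLevel']]
        SecurityLayer      = $layerNames[$settings['SecurityLayer']]
        # Levels below High permit key strengths weaker than 128-bit.
        BelowHigh          = ($settings['MinEncryptionLevel'] -lt 3)
    } | Select-Object Port, MinEncryptionLevel, SecurityLayer, BelowHigh
}

Get-RdpListenerSecurity | Format-List
```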

 

Terminal Server

Terminal Server is the server component of Terminal services. It handles the job of authenticating clients, as well as making the applications available remotely. It is also entrusted with the job of restricting the clients according to the level of access they have. The Terminal Server respects the configured software restriction policies, so as to restrict the availability of certain software to only a certain group of users. The remote session information is stored in specialized directories, called Session Directory which is stored at the server. Session directories are used to store state information about a session, and can be used to resume interrupted sessions. The terminal server also has to manage these directories. Terminal Servers can be used in a cluster as well.[1]

In Windows Server 2008, it has been significantly overhauled. While logging in, if the user logged on to the local system using a Windows Server Domain account, the credentials from the same sign-on can be used to authenticate the remote session. However, this requires Windows Server 2008 to be the terminal server OS, while the client OS is limited to Windows Server 2008, Windows Vista and Windows 7. In addition, the terminal server can provide access to only a single program, rather than the entire desktop, by means of a feature named RemoteApp. Terminal Services Web Access (TS Web Access) makes a RemoteApp session invocable from the web browser. It includes the TS Web Access Web Part control which maintains the list of RemoteApps deployed on the server and keeps the list up to date. Terminal Server can also integrate with Windows System Resource Manager to throttle resource usage of remote applications.[3]

Terminal Server is managed by the Terminal Server Manager Microsoft Management Console snap-in. It can be used to configure the sign in requirements, as well as to enforce a single instance of remote session. It can also be configured by using Group Policy or Windows Management Instrumentation. It is, however, not available in client versions of Windows OS, where the server is pre-configured to allow only one session and enforce the rights of the user account on the remote session, without any customization.

 

Terminal Services Gateway

The Terminal Services Gateway service component, also known as TS Gateway, can tunnel the Remote Desktop Protocol session using an HTTPS channel.[8] This increases the security of Remote Desktop Services by encapsulating the session with Transport Layer Security (TLS).[9] This also allows the option to use Internet Explorer as the RDP client.

This feature was introduced in the Windows Server 2008 and Windows Home Server products.

Note that at the time of writing (April 2011), there are no Mac OS or Linux clients that support connecting through a Terminal Services Gateway.

 

Remote Desktop Connection

Remote Desktop Connection (RDC, also called Remote Desktop, formerly known as Microsoft Terminal Services Client, or mstsc) is the client application for Remote Desktop Services. It allows a user to remotely log in to a networked computer running the terminal services server. RDC presents the desktop interface (or application GUI) of the remote system, as if it were accessed locally.[1] With version 6.0, if the Desktop Experience component is plugged into the remote server, the chrome of the applications will resemble the local applications, rather than the remote one. In this scenario, the remote applications will use the Aero theme if a Windows Vista machine running Aero is connected to the server.[3] Later versions of the protocol also support rendering the UI in full 24 bit color, as well as resource redirection for printers, COM ports, disk drives, mice and keyboards. With resource redirection, remote applications are able to use the resources of the local computer. Audio is also redirected, so that any sounds generated by a remote application are played back at the client system.[1][3] In addition to regular username/password for authorizing for the remote session, RDC also supports using smart cards for authorization.[1] With RDC 6.0, the resolution of a remote session can be set independently of the settings at the remote computer. In addition, a remote session can also span multiple monitors at the client system, independent of the multi-monitor settings at the server. It also prioritizes UI data as well as keyboard and mouse inputs over print jobs or file transfers so as to make the applications more responsive. It also redirects plug and play devices such as cameras, portable music players, and scanners, so that input from these devices can be used by the remote applications as well.[3] RDC can also be used to connect to WMC remote sessions; however, since WMC does not stream video using Remote Desktop Protocol, only the applications can be viewed this way, not any media. RDC can also be used to connect to computers, which are exposed via Windows Home Server RDP Gateway over the Internet. RDC can be used to reboot the remote computer with the CTRL-ALT-END key combination.

 

RemoteApp

RemoteApp (or TS RemoteApp) is a special mode of Remote Desktop Services, available only in Remote Desktop Connection 6.1 and above (with Windows Server 2008 being the RemoteApp server), where remote session configuration is integrated into the client operating system. The RDP 6.1 client ships with Windows XP SP3, KB952155 for Windows XP SP2 users,[12] Windows Vista SP1 and Windows Server 2008. The UI for the RemoteApp is rendered in a window over the local desktop, and is managed like any other window for local applications. The end result of this is that remote applications behave largely like local applications. The task of establishing the remote session, as well as redirecting local resources to the remote application, is transparent to the end user.[13] Multiple applications can be started in a single RemoteApp session, each with their own windows.[14]

A RemoteApp can be packaged either as a .rdp file or distributed via an .msi Windows Installer package. When packaged as an .rdp file (which contains the address of the RemoteApp server, authentication schemes to be used, and other settings), a RemoteApp can be launched by double clicking the file. It will invoke the Remote Desktop Connection client, which will connect to the server and render the UI. The RemoteApp can also be packaged in a Windows Installer database, installing which can register the RemoteApp in the Start Menu as well as create shortcuts to launch it. A RemoteApp can also be registered as handler for filetypes or URIs. Opening a file registered with RemoteApp will first invoke Remote Desktop Connection, which will connect to the terminal server and then open the file. Any application which can be accessed over Remote Desktop can be served as a RemoteApp.[13]

Windows 7 includes built-in support for RemoteApp publishing, but it has to be enabled manually in the registry, since there is no RemoteApp management console in client versions of Microsoft Windows.

 

Windows Desktop Sharing

Windows Vista onwards, Terminal Services also includes a multi-party desktop sharing capability known as Windows Desktop Sharing. Unlike Terminal Services, which creates a new user session for every RDP connection, Windows Desktop Sharing can host the remote session in the context of the currently logged in user without creating a new session, and make the Desktop, or a subset of it, available over Remote Desktop Protocol.[16] Windows Desktop Sharing can be used to share the entire desktop, a specific region, or a particular application.[17] Windows Desktop Sharing can also be used to share multi-monitor desktops. When sharing applications individually (rather than the entire desktop), the windows are managed (whether they are minimized or maximized) independently at the server and the client side.[17]

The functionality is only provided via a public API, which can be used by any application to provide screen sharing functionality. Windows Desktop Sharing API exposes two objects: RDPSession for the sharing session and RDPViewer for the viewer. Multiple viewer objects can be instantiated for one Session object. A viewer can either be a passive viewer, who is just able to watch the application like a screen cast, or an interactive viewer, who is able to interact in real time with the remote application.[16] The RDPSession object contains all the shared applications, represented as Application objects, each with Window objects representing their on-screen windows. Per-application filters capture the application Windows and package them as Window objects.[18] A viewer must authenticate itself before it can connect to a sharing session. This is done by generating an Invitation using the RDPSession. It contains an authentication ticket and password. The object is serialized and sent to the viewers, who need to present the Invitation when connecting.[16][18]

Windows Desktop Sharing API is used by Windows Meeting Space for providing application sharing functionality among peers; however, the application does not expose all the features supported by the API.[17] It is also used by Remote Assistance.

 

Source: Wikipedia

 

MS Forefront Threat Management Gateway

What is TMG?

 

Microsoft Forefront Threat Management Gateway (Forefront TMG), formerly known as Microsoft Internet Security and Acceleration Server (ISA Server), is a network security and protection solution for Microsoft Windows, described by Microsoft as “enables businesses by allowing employees to safely and productively use the Internet for business without worrying about malware and other threats”.

 

Features

Microsoft Forefront TMG offers a set of features which include:

  1. Routing and remote access features: Microsoft Forefront TMG can act as a router, an Internet gateway, a virtual private network (VPN) server, a network address translation (NAT) server and a proxy server.
  2. Security features: Microsoft Forefront TMG is a firewall which can inspect network traffic (including web contents, secure web contents and emails) and filter out malware, attempts to exploit security vulnerabilities and content that does not match a predefined security policy. In a technical sense, Microsoft Forefront TMG offers application layer protection, stateful filtering, content filtering and anti-malware protection.
  3. Network performance features: Microsoft Forefront TMG can also improve network performance: It can compress web traffic to improve communication speed. It also offers web caching: It can cache frequently-accessed web contents so that users can access them faster from the local network cache. Microsoft Forefront TMG 2010 can also cache data received through Background Intelligent Transfer Service, such as updates of software published on Microsoft Update website.

 

Microsoft Forefront TMG 2010

Microsoft Forefront Threat Management Gateway 2010 (Forefront TMG 2010) was released on 17 November 2009.[1] It is built on the foundation of ISA Server 2006 and provides enhanced web protection, native 64-bit support, support for Windows Server 2008 and Windows Server 2008 R2, malware protection and BITS caching. Service Pack 1 for this product was released on 23 June 2010.[14] It includes several new features to support Windows Server 2008 R2 and Microsoft SharePoint 2010 lines of products.