
Microsoft Forefront TMG and ISP Redundancy


One of the great new features of Microsoft Forefront TMG is ISP Redundancy. With this feature it is now possible to load balance network traffic between two different ISPs (Internet Service Providers). The other configuration mode is ISP Failover. In this case, Forefront TMG uses one ISP link as the primary connection, and if this link goes down, TMG automatically fails over to the second configured ISP.

Configuration of ISP Redundancy

Let us start with the configuration of the ISP Redundancy mode. Start the Forefront TMG Management Console, navigate to the Networking node, select the ISP Redundancy tab, and click Configure ISP Redundancy in the Task pane.

Figure 1: ISP Redundancy window
The ISP Redundancy Wizard starts and guides you through the configuration process.

Figure 2: ISP Redundancy Configuration Wizard
First you have to choose between two modes for the ISP Redundancy behavior.
  • ISP Load Balancing
  • ISP Failover
ISP Load Balancing is used to balance the network traffic between the two configured ISP links.
ISP Failover is used to provide an alternative connection to the Internet if the primary ISP link is down due to problems or maintenance. ISP Failover is a great feature for small and medium-sized businesses with a simpler network infrastructure that want to provide failover capabilities across two ISP links. The primary ISP link is often the faster and cheaper connection, and when this connection becomes unavailable TMG fails over to the backup ISP.

Figure 3: Select ISP Redundancy Behavior

ISP Load Balancing


In our first example we chose Load Balancing between two ISP links. You must specify the Network Adapter used for the ISP. First select a name for the ISP and the network adapter which is used to connect to that ISP.

Figure 4: Select Network Adapters for ISP Redundancy
After selecting the first ISP link, the following configuration dialog allows us to configure ISP connection properties like the Gateway IP address and the DNS Server used by this connection.

Figure 5: Connection Properties of ISP
The TMG wizard automatically creates TMG computer objects which can be used as a list of Servers which should route through this ISP.

Figure 6: ISP DNS Server properties
After the configuration of the first ISP has finished, configure the second ISP in the same manner. Once both ISP connections are configured, you can choose how to balance the load between the two ISPs. If the bandwidth is the same for both links, the usual choice is an even load between both ISPs. If one ISP has a lower bandwidth than the other, move the slider to set the percentage of traffic this ISP link should handle.

Figure 7: ISP Load Balancing Factor
Click Finish to end the ISP configuration wizard and after that click Apply to save the configuration changes.

Monitor ISP Redundancy

Microsoft Forefront TMG has some capabilities to monitor the ISP Redundancy feature. If you want to see the load and the status of each configured ISP, you can use the Dashboard of the Microsoft Forefront TMG Management Console. The Dashboard shows the uptime of each ISP and the bytes per second transmitted through each ISP link, as you can see in the following screenshot.

Figure 8: Monitoring ISP Redundancy

ISP Failover

After successfully configuring the ISP Load Balancing feature, I will now show you how to configure the ISP failover feature of Forefront TMG. To change the TMG behavior from Load Balancing to Failover, click the ISP Failover link in the task pane of the ISP Redundancy feature tab.

Figure 9: Display ISP Redundancy Mode

ISP Connection Test

The ISP Redundancy configuration also has an option for simulating a broken link or forcing Forefront TMG to mark another ISP connection as active. This is useful for testing the failover functionality.

Figure 10: ISP Failover Connection Role
It is possible to choose between three Test options:
  • Automatic
  • Always On
  • Always Off

Figure 11: ISP Load Balancing Ratio

ISP Failover Alerting

Microsoft Forefront TMG has some built-in capabilities for alerting the TMG Administrator if there are any problems with the ISP Redundancy feature. TMG comes with five new alert options:
  • ISP link is available – Monitors when the ISP link is (again) available
  • ISP Link address missing – No IP address is configured on a network adapter of the TMG Server which can be associated with the ISP Link
  • ISP Link is active – This alert is triggered when an ISP link is active and network traffic passes through this adapter
  • ISP Link is unavailable – Alerts when the ISP link is unavailable or not connected
  • Both ISP Links are unavailable – Both ISP links are unavailable and unusable
If one of these conditions is reached, there are several options for informing the Forefront TMG Administrator, such as sending an e-mail or a network message. It is also possible to execute custom commands or to start/stop/restart services.

Figure 12: ISP Load Balancing / Failover alerting
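
A script that the custom-command action of an "ISP Link is unavailable" alert could run, so that each alert leaves a record of which adapter, gateway and DNS servers were affected. This is an added example, not part of the original article or of Forefront TMG. It assumes the alert action starts it with `powershell.exe -File`, that each ISP link uses its own adapter with a default gateway, and that the firewall policy and the gateways permit ICMP echo; the log path is hypothetical.

```powershell
# Added example: state snapshot written when a TMG ISP link alert fires.
# Assumption: the alert's custom command is "powershell.exe -File <this script>".

$LogFile = 'C:\TMG-Alerts\isp-link-snapshot.log'   # hypothetical location

function Get-IspLinkSnapshot {
    # One record per IP-enabled adapter that has a default gateway,
    # i.e. the adapters that can carry an ISP link.
    Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
        Where-Object { $_.DefaultIPGateway } |
        ForEach-Object {
            $gateway = $_.DefaultIPGateway[0]
            New-Object PSObject -Property @{
                Time       = (Get-Date).ToString('s')
                Adapter    = $_.Description
                Addresses  = ($_.IPAddress -join ',')
                Gateway    = $gateway
                DnsServers = ($_.DNSServerSearchOrder -join ',')
                # Two echo requests; $true if the gateway answered at least one.
                GatewayUp  = [bool](Test-Connection -ComputerName $gateway -Count 2 -Quiet)
            }
        }
}

function Format-SnapshotLine($record) {
    # key=value layout so the log can be filtered per adapter or gateway.
    '{0} adapter="{1}" ip={2} gw={3} dns={4} gateway_reachable={5}' -f `
        $record.Time, $record.Adapter, $record.Addresses,
        $record.Gateway, $record.DnsServers, $record.GatewayUp
}

# Create the log directory on first run.
$dir = Split-Path -Parent $LogFile
if (-not (Test-Path $dir)) { New-Item -ItemType Directory -Path $dir | Out-Null }

$records = @(Get-IspLinkSnapshot)
if ($records.Count -eq 0) {
    # The "ISP Link address missing" case: nothing usable is configured.
    $stamp = (Get-Date).ToString('s')
    Add-Content -Path $LogFile -Value "$stamp no adapter with a default gateway found"
} else {
    $records | ForEach-Object { Add-Content -Path $LogFile -Value (Format-SnapshotLine $_) }
}
```

A line with `gateway_reachable=False` only shows that the gateway did not answer the ping; it does not replace the link status shown on the TMG Dashboard.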

Conclusion

In this article, I tried to show you how to configure Microsoft Forefront TMG for ISP Load Balancing and for failover between different ISPs. This new feature is excellent for small and medium businesses that want to share multiple ISP connections or want a way to fail over between a primary, most powerful ISP link and a lower-bandwidth link for backup purposes.
