Install and Config TMG 2010 آموزش و نصب قدم به قدم
[B]Install and configure Forefront TMG 2010 Enterprise Management Server (EMS) for centralized Management—Step by Step[/B]
[LEFT]
[SIZE=2]Forefront TMG 2010 provides standard and enterprise version. On an Enterprise version you can deploy Forefront TMG in a single server (standalone deployment) or multiple servers in Enterprise Management Array deployment. In an Enterprise deployment, one TMG server perform as an Enterprise Management Server in an Enterprise Management Array (EMS). And rest of the TMG servers join in that array. A Forefront TMG array is a collection of Forefront TMG servers that are managed centrally, via a single management interface. It provides better management capacity, redundancy, fault tolerance and High Availability in a organisation where HA is calculated by 99.9%. An Array stored following information in Enterprise Management Server.[/SIZE]
[LIST=1][*][SIZE=2]Array configuration settings, which are relevant for, and shared by, all members of the array.[/SIZE][*][SIZE=2]Server configuration settings, which are relevant only for a specific array member, for each of the array members.[/SIZE][/LIST]
[SIZE=2]Standalone—Depending on the selected load balancing method, a standalone array can have up to 50 Forefront TMG servers managed by one of the array members that acts as the array manager; for more information about load balancing. Use this type of array if Forefront TMG is deployed in a single logical location and handles a medium traffic load.[/SIZE]
[SIZE=2]EMS-managed—An EMS-managed array can have up to 200 Forefront TMG arrays, each holding up to 50 Forefront TMG servers, that are managed by an Enterprise Manager Server (EMS). Once you have set up an EMS-managed array, you can replicate its settings and manage up to 15 EMS-managed arrays using the same settings, thus enabling central management of up to 150,000 Forefront TMG servers.[/SIZE]
[B][SIZE=2]Load balancing Forefront TMG servers in an array[/SIZE][/B]
[SIZE=2]An integrated Network Load Balancing (NLB) Feature is available in Forefront TMG. It enables you to take advantage of the benefits of central management, configuration, maintenance, and troubleshooting, which are not available if you configure NLB directly via the Windows-based NLB tools. Load balancing serves to balance network traffic among array members, so that traffic is optimized across all available servers. [/SIZE]
[B][SIZE=2]Installation of Forefront TMG 2010 EMS[/SIZE][/B]
[URL="http://araihan.files.wordpress.com/2010/06/110.jpg"][SIZE=2][COLOR=#000000][IMG]http://araihan.files.wordpress.com/2010/06/1_thumb1.jpg?w=244&h=179[/IMG][/COLOR][/SIZE][/URL][URL="http://araihan.files.wordpress.com/2010/06/24.jpg"][SIZE=2][COLOR=#000000][IMG]http://araihan.files.wordpress.com/2010/06/2_thumb1.jpg?w=244&h=171[/IMG][/COLOR][/SIZE][/URL][URL="http://araihan.files.wordpress.com/2010/06/31.jpg"][SIZE=2][COLOR=#000000][IMG]http://araihan.files.wordpress.com/2010/06/3_thumb1.jpg?w=244&h=170[/IMG][/COLOR][/SIZE][/URL][URL="http://araihan.files.wordpress.com/2010/06/41.jpg"][SIZE=2][COLOR=#000000][IMG]http://araihan.files.wordpress.com/2010/06/4_thumb1.jpg?w=244&h=170[/IMG][/COLOR][/SIZE][/URL][URL="http://araihan.files.wordpress.com/2010/06/51.jpg"][SIZE=2][COLOR=#000000][IMG]http://araihan.files.wordpress.com/2010/06/5_thumb1.jpg?w=244&h=170[/IMG][/COLOR][/SIZE][/URL][URL="http://araihan.files.wordpress.com/2010/06/61.jpg"][SIZE=2][COLOR=#000000][IMG]http://araihan.files.wordpress.com/2010/06/6_thumb1.jpg?w=244&h=171[/IMG][/COLOR][/SIZE][/URL][URL="http://araihan.files.wordpress.com/2010/06/71.jpg"][SIZE=2][COLOR=#000000][IMG]http://araihan.files.wordpress.com/2010/06/7_thumb1.jpg?w=244&h=185[/IMG][/COLOR][/SIZE][/URL][URL="http://araihan.files.wordpress.com/2010/06/81.jpg"][SIZE=2][COLOR=#000000][IMG]http://araihan.files.wordpress.com/2010/06/8_thumb1.jpg?w=244&h=184[/IMG][/COLOR][/SIZE][/URL][URL="http://araihan.files.wordpress.com/2010/06/91.jpg"][SIZE=2][COLOR=#000000][IMG]http://araihan.files.wordpress.com/2010/06/9_thumb1.jpg?w=244&h=186[/IMG][/COLOR][/SIZE][/URL][URL="http://araihan.files.wordpress.com/2010/06/101.jpg"][SIZE=2][COLOR=#000000][IMG]http://araihan.files.wordpress.com/2010/06/10_thumb1.jpg?w=244&h=186[/IMG][/COLOR][/SIZE][/URL][URL="http://araihan.files.wordpress.com/2010/06/111.jpg"][SIZE=2][COLOR=#000000][IMG]http://araihan.files.wordpress.com/2010/06/11_thumb1.jpg?w=244&h=184[/IMG][/COLOR][/SIZE][/URL][URL="http://araihan.files.wordpress.com/2010/06/121.jpg"][SIZE=2][COLOR=#000000][IMG]http://araihan.files.wordpress.com/2010/06/12_thumb1.jpg?w=244&h=184[/IMG][/COLOR][/SIZE][/URL][URL="http://araihan.files.wordpress.com/2010/06/131.jpg"][SIZE=2][COLOR=#000000][IMG]http://araihan.files.wordpress.com/2010/06/13_thumb1.jpg?w=244&h=184[/IMG][/COLOR][/SIZE][/URL][URL="http://araihan.files.wordpress.com/2010/06/141.jpg"][SIZE=2][COLOR=#000000][IMG]http://araihan.files.wordpress.com/2010/06/14_thumb1.jpg?w=244&h=184[/IMG][/COLOR][/SIZE][/URL][URL="http://araihan.files.wordpress.com/2010/06/151.jpg"][SIZE=2][COLOR=#000000][IMG]http://araihan.files.wordpress.com/2010/06/15_thumb1.jpg?w=244&h=184[/IMG][/COLOR][/SIZE][/URL][URL="http://go2.wordpress.com/?id=725X1342&site=araihan.wordpress.com&url=http%3A%2F%2Faraihan.files.wordpress.com%2F2010%2F06%2F161.jpg&sref=http%3A%2F%2Faraihan.wordpress.com%2F2010%2F06%2F10%2Finstall-and-configure-forefront-tmg-2010-enterprise-management-server-ems-for-centralized-management-step-by-step%2F"][SIZE=2][COLOR=#000000][IMG]http://araihan.files.wordpress.com/2010/06/16_thumb1.jpg?w=244&h=185[/IMG][/COLOR][/SIZE][/URL][URL="http://araihan.files.wordpress.com/2010/06/171.jpg"][SIZE=2][COLOR=#000000][IMG]http://araihan.files.wordpress.com/2010/06/17_thumb1.jpg?w=244&h=119[/IMG][/COLOR][/SIZE][/URL]
[URL="http://araihan.files.wordpress.com/2010/06/201.jpg"][IMG]http://araihan.files.wordpress.com/2010/06/20_thumb1.jpg?w=244&h=184[/IMG][/URL]
[SIZE=2]Check invoke and Click Finish once installation is done.[/SIZE]
[B][SIZE=2]To assign administrative roles for enterprise administrators[/SIZE][/B]
[SIZE=2]1. In the Forefront TMG Management console, in the tree, click the [B]Enterprise[/B] node.[/SIZE]
[SIZE=2]2. On the [B]Tasks[/B] tab, click [B]Assign Administrative Roles[/B]. [/SIZE]
[SIZE=2]3. On the [B]Assign Roles[/B] tab, click the upper [B]Add[/B] button. Then, do the following: [/SIZE]
[SIZE=2]1. In [B]Group or User[/B], enter the name of the group or user that will be allowed to access information stored in the local instance of Active Directory Lightweight Directory Services (AD LDS), and monitor arrays in the domain. [/SIZE]
[SIZE=2]2. In [B]Role[/B], select one of the following:[/SIZE]
[SIZE=2][B]Forefront TMG Enterprise Administrator[/B]—Authorizes the specified group or user to perform all administrative tasks in the enterprise and arrays in the domain. [/SIZE]
[SIZE=2][B]Forefront TMG Enterprise Auditor[/B]—Authorizes the specified group or user to perform monitoring tasks, and to view enterprise and array configuration. [/SIZE]
[SIZE=2]4. When you have finished, click [B]OK[/B].[/SIZE]
[SIZE=2]5. In the details pane, click the [B]Apply[/B] button, and then click [B]OK[/B].[/SIZE]
[URL="http://araihan.files.wordpress.com/2010/06/211.jpg"][IMG]http://araihan.files.wordpress.com/2010/06/21_thumb1.jpg?w=339&h=247[/IMG][/URL]
[URL="http://araihan.files.wordpress.com/2010/06/221.jpg"][IMG]http://araihan.files.wordpress.com/2010/06/22_thumb1.jpg?w=277&h=287[/IMG][/URL]
[B][SIZE=2]To assign administrative roles for array administrators[/SIZE][/B]
[SIZE=2]1. In the Forefront TMG Management console, in the tree, click the [B]Forefront TMG[/B] node.[/SIZE]
[SIZE=2]2. On the [B]Tasks[/B] tab, click [B]Assign Administrative Roles[/B]. [/SIZE]
[SIZE=2]3. On the [B]Assign Roles[/B] tab, click the upper [B]Add[/B] button. Then, do the following: [/SIZE]
[SIZE=2]1. In [B]Group or User[/B], enter the name of the group or user that will be allowed to access information stored in the local instance of AD LDS.[/SIZE]
[SIZE=2]2. In [B]Role[/B], select one of the following:[/SIZE]
[SIZE=2][B]Forefront TMG Array Administrator[/B]—Authorizes the specified group or user to perform all administrative tasks in the array. [/SIZE]
[SIZE=2][B]Forefront TMG Array Auditor[/B]—Authorizes the specified group or user to perform all monitoring tasks, and to view the array configuration. [/SIZE]
[SIZE=2][B]Forefront TMG Array Monitoring Auditor[/B]—Authorizes the specified group or user to perform specific monitoring tasks.[/SIZE]
[SIZE=2]4. When you are finished, click [B]OK[/B].[/SIZE]
[SIZE=2]5. In the details pane, click the [B]Apply[/B] button, and then click [B]OK[/B].[/SIZE]
[B]To enable Microsoft Update and activate licenses[/B]
[LIST=1][*]In the Forefront TMG Management console, in the tree, click the [I]server name[/I] node.[*]On the [B]Tasks[/B] tab, click [B]Launch Getting Started Wizard[/B], and then click [B]Define deployment options[/B].[*]On the [B]Microsoft Update Setup[/B] page, click [B]Use the Microsoft Update service to check for updates (recommended)[/B].[*]On the [B]Forefront TMG Protection Features Settings[/B] page, activate licenses for the protection features you want to enable. You can only download and install updated definitions for features that you have enabled.[*]If you activated the Network Inspection System (NIS) license, on the [B]NIS Signature Update Settings[/B] page, select the automatic update action you desire.[*]Complete the wizard, and then click [B]Finish[/B]. On the [B]Apply Changes[/B] bar, click [B]Apply[/B].[*]For WSUS update visit this [URL="http://araihan.wordpress.com/2010/04/12/configure-forefront-tmg-2010-to-receive-definition-update-from-windows-server-update-services-wsus/"][COLOR=#000000]Link[/COLOR][/URL][/LIST]
[B][SIZE=2]To Create an Enterprise Array[/SIZE][/B]
[SIZE=2]1. On the EMS, in the Forefront TMG Management console, Right click on[B] Arrays[/B]. In the task pane, click [B]New Array[/B].[/SIZE]
[URL="http://araihan.files.wordpress.com/2010/06/35.jpg"][IMG]http://araihan.files.wordpress.com/2010/06/35_thumb.jpg?w=182&h=244[/IMG][/URL]
[SIZE=2]2. In the [B]New Array Wizard[/B], on the [B]Welcome to the New Array Wizard[/B] page, enter the name of the array.[/SIZE]
[URL="http://araihan.files.wordpress.com/2010/06/36.jpg"][IMG]http://araihan.files.wordpress.com/2010/06/36_thumb.jpg?w=244&h=189[/IMG][/URL]
[SIZE=2]3. On the [B]Array DNS Name[/B] page, enter the Domain Name System (DNS) of the array. [/SIZE]
[URL="http://araihan.files.wordpress.com/2010/06/37.jpg"][IMG]http://araihan.files.wordpress.com/2010/06/37_thumb.jpg?w=244&h=188[/IMG][/URL]
[SIZE=2]4. On the [B]Assign Enterprise Policy[/B] page, in the [B]Select the Enterprise policy to apply to this new array[/B] list, click the enterprise policy to apply to the array.[/SIZE]
[URL="http://araihan.files.wordpress.com/2010/06/38.jpg"][IMG]http://araihan.files.wordpress.com/2010/06/38_thumb.jpg?w=244&h=190[/IMG][/URL]
[SIZE=2]5. On the [B]Array Policy Rule Types[/B] page, select the types of rules that may be created for the array firewall policy. [/SIZE]
[URL="http://araihan.files.wordpress.com/2010/06/39.jpg"][IMG]http://araihan.files.wordpress.com/2010/06/39_thumb.jpg?w=244&h=187[/IMG][/URL]
6. Click Finish and Apply Changes.
[URL="http://araihan.files.wordpress.com/2010/06/40.jpg"][IMG]http://araihan.files.wordpress.com/2010/06/40_thumb.jpg?w=244&h=187[/IMG][/URL]
[URL="http://araihan.files.wordpress.com/2010/06/42.jpg"][IMG]http://araihan.files.wordpress.com/2010/06/42_thumb.jpg?w=244&h=200[/IMG][/URL]
[URL="http://araihan.files.wordpress.com/2010/06/411.jpg"][IMG]http://araihan.files.wordpress.com/2010/06/41_thumb.jpg?w=244&h=67[/IMG][/URL]
[SIZE=2]Important! All internal networks must be able to ping DNS record mentioned in step3.[/SIZE]
[B][SIZE=2]To join an enterprise array from second TMG server.[/SIZE][/B]
[SIZE=2]1. In the Forefront TMG Management console, click the [I]server name[/I] node.[/SIZE]
[SIZE=2]2. On the [B]Tasks[/B] tab, click [B]Join Array[/B]. [/SIZE]
[URL="http://araihan.files.wordpress.com/2010/06/43.jpg"][IMG]http://araihan.files.wordpress.com/2010/06/43_thumb.jpg?w=244&h=197[/IMG][/URL]
[SIZE=2]3. On the [B]Join Membership Type[/B] page, click [B]Join an array managed by an EMS server[/B]. [/SIZE]
[SIZE=2] [URL="http://araihan.files.wordpress.com/2010/06/44.jpg"][IMG]http://araihan.files.wordpress.com/2010/06/44_thumb.jpg?w=244&h=200[/IMG][/URL] [URL="http://araihan.files.wordpress.com/2010/06/45.jpg"][IMG]http://araihan.files.wordpress.com/2010/06/45_thumb.jpg?w=244&h=199[/IMG][/URL] [/SIZE]
[SIZE=2]4. On the [B]Enterprise Management Server Details[/B] page, enter the fully qualified domain name (FQDN) of the EMS server, and then click the user account form used to connect to the server.[/SIZE]
[URL="http://araihan.files.wordpress.com/2010/06/46.jpg"][IMG]http://araihan.files.wordpress.com/2010/06/46_thumb.jpg?w=244&h=200[/IMG][/URL]
[SIZE=2]5. On the [B]Join EMS Managed Array [/B]page, select whether to join an existing EMS managed array, or to create a new EMS managed array.[/SIZE]
[URL="http://araihan.files.wordpress.com/2010/06/47.jpg"][IMG]http://araihan.files.wordpress.com/2010/06/47_thumb.jpg?w=244&h=200[/IMG][/URL]
[SIZE=2]6. If you selected to create a new EMS managed array, on the [B]Create New Array[/B] page, enter the details of the new array or Select existing Array, Click next and Click Finish.[/SIZE]
[URL="http://araihan.files.wordpress.com/2010/06/48.jpg"][IMG]http://araihan.files.wordpress.com/2010/06/48_thumb.jpg?w=244&h=199[/IMG][/URL]
[SIZE=2][URL="http://araihan.files.wordpress.com/2010/06/49.jpg"][IMG]http://araihan.files.wordpress.com/2010/06/49_thumb.jpg?w=244&h=67[/IMG][/URL][/SIZE]
[B][SIZE=2]Configuring intra-array communication on array members[/SIZE][/B]
[SIZE=2]1. In the Forefront TMG Configuration console, in the tree, expand the [B]ServerName[/B] of the array, and then click [B]System[/B]. [/SIZE]
[SIZE=2]2. On the [B]Servers[/B] tab, select a server, then on the [B]Task[/B] tab, click [B]Configure Selected Server[/B].[/SIZE]
[SIZE=2]3. On the [B]Communication[/B] tab, on the [B]Intra-Array Communication[/B] dialog box, enter the IP address used to communicate with other array members. [/SIZE]
[SIZE=2]Important! Apply changes after every configuration has been done in TMG EMS.[/SIZE]
[SIZE=2][B]To Configure Network Topology[/B][/SIZE]
Forefront TMG supports unlimited network adapters[SIZE=2][B]. [/B]However, [/SIZE]the following network types, you can specify an IP address range or select a network adapter associated with the network you are configuring:
[LIST][*]Internal network[*]Perimeter network[*]External network[/LIST]
IP addresses for network adapters associated with the same network should be identical on each array member.
Click on Enterprise Networks, Click [B]Create a New Network Wizard[/B] or editing a selected network from Taskpad.
[URL="http://araihan.files.wordpress.com/2010/06/231.jpg"][IMG]http://araihan.files.wordpress.com/2010/06/23_thumb1.jpg?w=244&h=179[/IMG][/URL] [URL="http://araihan.files.wordpress.com/2010/06/241.jpg"][IMG]http://araihan.files.wordpress.com/2010/06/24_thumb.jpg?w=244&h=187[/IMG][/URL] [URL="http://araihan.files.wordpress.com/2010/06/25.jpg"][IMG]http://araihan.files.wordpress.com/2010/06/25_thumb.jpg?w=244&h=116[/IMG][/URL] [URL="http://araihan.files.wordpress.com/2010/06/26.jpg"][IMG]http://araihan.files.wordpress.com/2010/06/26_thumb.jpg?w=244&h=188[/IMG][/URL]
[URL="http://araihan.files.wordpress.com/2010/06/27.jpg"][IMG]http://araihan.files.wordpress.com/2010/06/27_thumb.jpg?w=244&h=162[/IMG][/URL]
The list of network adapter settings configured in Windows Server is logged to the [B]Network Adapters[/B] tab in the [B]Networking[/B] node. You can edit the network adapter settings.
From the Taskpad, Click [B]Create New Network Rule[/B] Wizard
[URL="http://araihan.files.wordpress.com/2010/06/28.jpg"][IMG]http://araihan.files.wordpress.com/2010/06/28_thumb.jpg?w=244&h=188[/IMG][/URL] [URL="http://araihan.files.wordpress.com/2010/06/30.jpg"][IMG]http://araihan.files.wordpress.com/2010/06/30_thumb.jpg?w=244&h=188[/IMG][/URL]
[URL="http://araihan.files.wordpress.com/2010/06/29.jpg"][IMG]http://araihan.files.wordpress.com/2010/06/29_thumb.jpg?w=157&h=244[/IMG][/URL]
[URL="http://araihan.files.wordpress.com/2010/06/311.jpg"][IMG]http://araihan.files.wordpress.com/2010/06/31_thumb.jpg?w=244&h=188[/IMG][/URL] [URL="http://araihan.files.wordpress.com/2010/06/32.jpg"][IMG]http://araihan.files.wordpress.com/2010/06/32_thumb.jpg?w=244&h=188[/IMG][/URL] [URL="http://araihan.files.wordpress.com/2010/06/33.jpg"][IMG]http://araihan.files.wordpress.com/2010/06/33_thumb.jpg?w=244&h=188[/IMG][/URL]
[URL="http://araihan.files.wordpress.com/2010/06/34.jpg"][IMG]http://araihan.files.wordpress.com/2010/06/34_thumb.jpg?w=244&h=76[/IMG][/URL]
[URL="http://araihan.wordpress.com/2010/06/10/install-and-configure-forefront-tmg-2010-enterprise-management-server-ems-for-centralized-management-step-by-step/"]Install and configure Forefront TMG 2010 Enterprise Management Server (EMS) for centralized Management—Step by Step [/URL]
[/LEFT]
