Tuesday, February 12, 2013

Using IIS Application Request Routing (ARR) as a TMG Replacement

So this won’t be shocking news but Microsoft has stopped selling Forefront Threat Management Gateway (TMG) and they really didn’t give us any good alternatives.  Officially, they tell you to use the Unified Access Gateway but anyone who uses it knows that 1) it’s a massive pain to setup 2) it’s really expensive 3) it breaks autodiscover and mobility.
So this leaves us to use third party hardware load balancers but I’m not much of a fan of doing firewall rules directly to the HLB.  The nice thing about the reverse proxy is that it served as a separation between the internet and production.  So I have found some articles on the web about IIS ARR with Lync but they all seem to be 1) not written for Lync 2013 2) don’t work with mobility 3) are too vague 4) assume that you are going to bind one service to one IP – which works find but sometimes people want to not take up a ton of IP’s on the internet to deploy one service.

No comments:

Post a Comment