Microsoft TMG Replacement Blues?
Microsoft has discontinued Forefront Unified Access Gateway (UAG) and Forefront Threat Management Gateway (TMG), solutions for remote application access control, security and optimization. Microsoft UAG/TMG evolved over many years to integrate multiple functions to protect Microsoft applications. It is a key component of several Microsoft application deployments including Microsoft Exchange, SharePoint and Lync. However, the TMG and UAG deployments are not limited to protecting Microsoft applications.
Securing web applications accessible over the web is a complex task. A compromise may lead to a significant performance hit to the application, especially when under an attack that may impact business, or worse, security breaches.
As these products approach their end of support (April 2020), a common question from customers is “What do I do to secure my Microsoft Exchange or SharePoint deployment?” Although some of the security functions are integrated into new Microsoft products, there is no direct replacement of TMG and UAG from Microsoft.
TMG and UAG protect Microsoft applications and users from cyber threats by integrating several security functions such as SSL encryption and decryption, application security and aspects of malware protection such as filtering security exploits and vulnerabilities, in addition to network functions such as routing, and network performance features such as compression and caching.
So, trying to find an enterprise-grade replacement, integrating many complex aspects of evolving application security, all of them in an integrated solution, makes the replacement very challenging. Microsoft TMG customers need to deploy a replacement that can, at a minimum, provide the same level of functionality and protection for Microsoft applications in internet facing scenarios, but should also address the next generation of cloud-based applications.
To replace Microsoft TMG and UAG, enterprises need to consider several important factors that will help maintain the existing functionality provided by Microsoft TMG, while minimizing network and application configuration changes. Such considerations include:
1. Integrated functionality: the TMG replacement solution must provide the same, if not better, set of functionality, including routing, security and performance enhancement, in a simple package that can be managed centrally.
2. Scalability: a TMG replacement solution must provide simple and cost effective scalability to allow future expansion, both for traffic capacity and number of applications supported. It needs to minimize the amount of effort required to upgrade the solution.
3. Network topology: TMG protects both the front-end application servers typically located in the DMZ, as well as the backend servers that are typically deployed inside the organization’s private LAN. The security functionality needs to be provided at both ends of the network.
As you look for replacement solutions, you’ll need to evaluate the functionality of Microsoft UAG or TMG in use and assess your needs for securing multiple applications – whether they are on premise or in the cloud, the experience you’d like your users to receive, such as single sign on (SSO) as well as how these replacement solution will be managed.
For more details: