Tip

What the demise of Forefront TMG means for Windows Server

You may have noted that this past spring, Microsoft told the analyst firm Gartner that it wouldn’t be producing another shipping version of its Forefront Threat Management Gateway software.

Specifically,

    Requires Free Membership to View

Microsoft indicated—strangely, only in this report and not in any other external communications—that it has placed Threat Management Gateway (TMG) in sustained engineering mode, and it doesn’t intend to offer products in the firewall and secure gateway space in the future. In effect, the product is dead, and in the future it will only get security updates and critical bug fixes; no further innovation will happen on the code base, at least in its present form.

This move left many scratching their heads. From its previous incarnation as Microsoft ISA Server through its rebranding into the Forefront line of products, TMG was considered a “best of breed” product in the security and edge-ware space. Despite it not being—and in some customers’ view, because it wasn’t—an appliance, TMG’s clever and intuitively set-up stateful packet inspection services and Web caching made it a go-to product in many Microsoft shops.

So the folks with the biggest and deepest investments in TMG—the ones using it day in and day out on their networks to keep the bad guys out—are naturally wondering where this move leaves them. What of TMG, and perhaps more importantly, what are the options for the future?

The clearest, most direct option Microsoft has is to fold TMG into its Unified Application Gateway (UAG) product, which is essentially a filter on inbound access to corporate resources. UAG is based on the same filtering engine as TMG; the direction of supported traffic is simply switched. This makes for a logical, and probably relatively simple, move to integrate the now-defunct TMG capabilities into the newer product the software giant is fond of pushing. However, UAG has its disadvantages: it’s mainly available only as a hardware and software combination, it’s somewhat clunky interface-wise, and it’s a lot more costly than TMG ever was. By subsuming the popular bits into a relatively unpopular product, Microsoft might be pushing for more adoption of UAG, but perhaps at an ultimate cost of customer satisfaction.

A less clear but undoubtedly more popular option would be simply to include TMG’s core capabilities within Windows Server 8. Microsoft has already been emphasizing the importance of device firewalls and making sure, from a defense-in-depth standpoint, individual machines and endpoints have the capability to withstand attacks. Including the TMG engine for free to anyone who buys a server license could appeal to both this logic and the customer base and allow the positive aspects of TMG to not get lost within a more complicated, specialized product.

Clearly for shops with a significant investment in ISA Server, Threat Management Gateway and so on, the absence of a future roadmap for the product—and its relegation to the backburner, being provided only security fixes for a limited period of time—is a point of concern. The window is now open for other vendors to provide integration and migration services to TMG customers as Microsoft exits this market. If you’re rethinking your edge protection, it’s a smart move to exclude Microsoft from your plans. In any event, they’ve decided to move on, and you should, too.

Follow SearchWindowsServer on Twitter @WindowsTT.

ABOUT THE AUTHOR
Jonathan Hassell is an author, consultant, and speaker on a variety of IT topics. His published works include 
RADIUS, Hardening Windows, Using Microsoft Windows Small Business Server 2003, and Learning Windows Server 2003.

This was first published in October 2011

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.