Monitoring Strategies for Forefront TMG 2010

So, you’ve just finished installing, configuring, and deploying Forefront TMG 2010 in production. You’re done, right? Not quite! After implementing TMG it is vital that you establish performance baselines and prepare a monitoring strategy to ensure the smooth operation and continued availability for the solution. In my latest article on I discuss some effective monitoring strategies for Forefront TMG 2010 that I’ve gained from implementing and supporting TMG deployments for some of the largest companies in the world. Read it today!

Microsoft Forefront TMG 2010 Newsletter – May 2014

In this month’s monthly newsletter I discuss two important security reports that were recently released – the Verizon 2014 Data Breach Investigations Report (DBIR) and the Microsoft Security Intelligence Report (SIR) Volume 16. Each of these reports include important information about current attack methods and exploit trends. The DBIR focuses on successful data breaches, while the SIR provides detailed information about software vulnerabilities and exploits, which themselves are often used in successful data breaches. Be sure to read this month’s newsletter for all of the details.

Upcoming DirectAccess Sessions

Microsoft TechEd North America 2014 is officially in the books. Although I was not in attendance this year, I understand that there was very little talk about DirectAccess during the weeklong event in Houston. I’ve had a number of people reach out to me about this, and for those interested I will be delivering at least two talks about Windows-based remote access in general, and DirectAccess specifically this year. I’ll be presenting a high-level session on remote access that includes DirectAccess at TechDays San Francisco, CA on June 5-6. This will be a 75 minute overview session for all things remote access in Windows Server 2012 R2, including DirectAccess, client-based and site-to-site VPN, and Web Application Proxy. If you’re interested in a more detailed training session on DirectAccess, I’ll be delivering a 3-hour technical deep-dive at TechMentor in Bellevue, WA on August 15. Hope to see you soon!

Backup Windows Server 2012 R2 with Microsoft Azure Recovery Services

The cloud is awesome! I love the power and flexibility it provides, and it lends itself well to data archiving and storage too. In my latest article on, read how to configure Microsoft Azure Recovery Services to back up on-premises Windows Server. In the article I demonstrate how to do this with Windows Server 2012 R2, but you can certainly apply this to other operating systems as well. Enjoy!

Backup Windows Server 2012 R2 with Microsoft Azure Recovery Services

Enterprise Web Proxy Performance Optimization Tips for Forefront Threat Management Gateway (TMG) 2010

I’ve been working with Microsoft Forefront Threat Management Gateway (TMG) 2010 and it’s predecessors, Microsoft Internet Security and Acceleration Server (ISA) 2006 and 2004 and Microsoft Proxy Server 2.0, for more than 15 years. I’ve deployed TMG for some of the largest organizations in the world, and one of the most common deployment scenarios I encounter in the enterprise is the forward proxy server. In this role, Forefront TMG 2010 serves as a central point to aggregate access and to provide visibility and control for users accessing content on the public Internet. Over the years I’ve gained a lot of experience making TMG perform well under extreme circumstances. Under heavy load conditions, which are common in enterprise deployments, a seemingly benign configuration error can result in severely degraded performance. In my latest article on, I share a few of the tips I’ve learned for extracting the most performance from the Forefront TMG 2010 firewall configured as a forward proxy server. Check it out today! Newsletter – April 2014

The big security news in April was, without a doubt, the vulnerability in the popular OpenSSL crypto library. The vulnerability, dubbed “Heartbleed”, is discussed at length in the latest edition of the monthly newsletter. Yes, I know it doesn’t pertain to “Windows security” as the title of the newsletter suggests, but it was an important topic that I felt needed to be discussed. This vulnerability is without question one of the worst in the history of the Internet, and for once, it wasn’t a Microsoft product. No gloating, however! Software is created by humans, and humans are fallible. It could happen to anyone. However, there are some interesting peculiarities regarding this particular bug. Read the newsletter to find out more.

Introduction to PowerShell for Microsoft Azure

PowerShell is an amazing tool for configuring and managing Windows hosts. But what happens when you implement new or migrate existing workloads to the Microsoft Azure public cloud? Not to worry…PowerShell is there! That’s right, you can leverage PowerShell to configure the Azure public cloud infrastructure too. Read my latest article on for an introduction to PowerShell for the Microsoft Azure public cloud. Newsletter – March 2014

Can a remote access solution improve your organization’s security posture? That’s a topic I explore in this month’s edition of the monthly newsletter. This month I discuss Microsoft’s next generation remote access solution – DirectAccess. DirectAccess provides seamless and transparent, always-on remote corporate network connectivity for managed Windows clients. In addition to providing a significantly improved user experience, DirectAccess also includes native support for bi-directional network connectivity for remote connected endpoints. This enables security administrators to better manage their remote devices and improves compliance tremendously. Read this month’s newsletter to learn more!

Is There Still Life Left in Forefront Threat Management Gateway (TMG) 2010?

In my latest article published on, I explore the possibility that, despite the formal end-of-life announcement from Microsoft, there might just be some life left in the venerable Forefront TMG 2010 firewall. Many folks ask me about replacement options for Forefront TMG, and depending on the deployment scenario and specific requirements, sometimes the best solution is still TMG! Read more here.

Microsoft Forefront TMG 2010