Replacing Microsoft’s TMG brings opportunities for NZ resellers
End of mainstream support for Microsoft's Forefront Threat Management Gateway presents great opportunities for resellers, says Scott Cowen, Fortinet New Zealand and Pacific Islands channel director.
April 2015. Mark it on your calendar. That is when Microsoft will discontinue mainstream support for their Forefront Threat Management Gateway (TMG) solution. While an inconvenience for your clients, it is a great opportunity for you, the reseller, to replace all of the functionality of TMG and upgrade their application and network protection services with advanced security capabilities.
When Microsoft released TMG 2010 in 2009, it was the culmination of more than 10 years development, starting with Microsoft Proxy Server (Catapult) in 1999.
TMG bundled a suite of security services including firewall, antivirus, anti-malware, intrusion protection (IPS) and virtual private network (VPN) support. At the time it was an advanced security solution and optimised to work within the Microsoft environment, especially with
Exchange, SharePoint, Lync, Outlook Web Access (OWA) and other Microsoft application services.
However, time and technology marches on.
While TMG was an acceptable secure gateway, many network managers morphed TMG into a tool for publishing applications onto the internet in a secure manner. TMG's capabilities for single-sign on (SSO), authentication management and Layer 7 load balancing made deploying applications across the corporate LAN and beyond the firewall relatively easy for administrators and convenient for users.
As a result, network managers have come to rely on TMG for specific web-based application services that are essential for securing today's mobile workforce. But, unfortunately, TMG's role as a secure, 'universal threat management' (UTM) gateway has been superseded as the threat landscape has evolved.
So network managers are faced with a dilemma. They need to replicate the secure application publishing capabilities of TMG while upgrading the limited UTM capabilities of the Forefront TMG gateway itself.
Two replacement options
There are two strategies your clients can adopt as they transition from TMG, and it depends on whether they have already replaced the UTM gateway functions of TMG or still rely on TMG for both UTM capabilities as well as secure application publishing.
If they have upgraded their gateway, it is simply a matter of deploying a dedicated web application firewall (WAF). There are many solutions on the market with varying levels of WAF protection. These point solutions can provide a seamless transition and provide continuity as network managers publish Exchange, SharePoint, Lync and OWA for secure external access.
If they still rely on TMG as their UTM gateway, they will be perfectly positioned to combine advanced UTM and WAF capabilities with a single appliance. In addition, many of today's UTM/WAF appliances are optimised to support up-and-coming applications such as BYOD and secure Wi-Fi.
So, while inconvenient, Microsoft's decision to discontinue support for TMG is an opportunity: An opportunity for your clients to harden security across their entire operation and an opportunity for you to provide end-to-end, advanced threat protection in a scalable, integrated and extendable security-centric environment.