Forefront Threat Management Gateway Service Pack 1 released

by Shijaz Abdulla on 24.06.2010 at 11:50

This is a repost from the TMG Team Blog.

Microsoft® Forefront Threat Management Gateway (TMG) 2010 Service Pack 1 (SP1) was released on 23rd June 2010.

Microsoft® Forefront Threat Management Gateway (TMG) 2010 Service Pack 1 (SP1) introduces the following new features and functionality to Forefront TMG 2010 Standard and Enterprise Editions.

New Reports

  • The new User Activity report displays the sites and site categories accessed by any user.
  • All Forefront TMG reports have a new look and feel.

Enhancements to URL Filtering

  • You can now allow users to override the access restriction on sites blocked by URL filtering. This allows for a more flexible web access policy, in that users can decide for themselves whether to access a blocked site. This is especially useful for websites that have been incorrectly categorized.
  • You can now override the categorization of a URL on the enterprise level; the override is then effective for each enterprise-joined array.
  • Denial notification pages can now be customized for your organization’s needs.

Enhanced Branch Office Support

  • Collocation of Forefront TMG and a domain controller on the same server, which can help reduce the total cost of ownership at branch offices.
  • When installed on a computer running Windows Server 2008 R2, SP1 simplifies the deployment of BranchCache at the branch office, using Forefront TMG as the Hosted Cache server.

Support for publishing SharePoint 2010

  • Forefront TMG SP1 supports secure publishing of SharePoint 2010.

Branch Office Caching with Windows 7

by Shijaz Abdulla on 17.03.2009 at 19:06

BranchCache is a new content caching feature introduced in Windows 7. This is especially useful in a branch office scenario, when users in the branch office request files from a server located in the head office.

BranchCache is a passive content cache. When BranchCache is enabled, a copy of data accessed from an intranet web site or a file server is cached locally within the branch office. When another user on the same network requests the file, the user gets access to the content almost immediately as it is downloaded from the local cache rather than over a limited bandwidth connection back to headquarters.

BranchCache works with web content (HTTP and HTTPS) and file servers (SMB), and also works well with security technologies like IPsec, SMB Signing and SSL.

BranchCache will only serve content to users who have the right permissions and will always make sure it is delivering the latest version of the file.

Two modes of operation:

Hosted Cache mode: In the Hosted Cache mode, a server in the branch running Windows Server 2008 R2 hosts the cached files.

Distributed Cache mode: In this mode, a branch server is not required, as copies of files are directly cached on Windows 7 PCs located in the branch office. When the same content is requested by another Windows 7 client, the cached content is sent to other Windows 7 clients as needed.

For BranchCache to work, each “content server” (computer serving the content – file server or web server) must run Windows Server 2008 R2. In the case of hosted cache, the hosted cache server must also run Windows Server 2008 R2. All client computers must run Windows 7 Enterprise or Ultimate Edition.

Important information about caching HTTP/HTTPS content (updated: July 1, 2010):

The BranchCache feature in Windows Server 2008 R2 supports only web servers that use the HTTP.SYS stack, which IIS does. Hence, even if the web server is running Windows Server 2008 R2, BranchCache will not work if the web site is not hosted on IIS. Web servers like Apache and WebLogic do not use the HTTP.SYS stack and hence will not work with BranchCache.