
Forefront Threat Management Gateway (TMG) Whitepaper

Date post: 29-Apr-2018
Upload: tranliem

Find out more about our business on www.exertismicro-psecurity.com

Forefront Threat Management Gateway (TMG) Whitepaper

The Solution….


Introduction

Last year Microsoft announced changes to the roadmaps of several Forefront products, including the discontinuation of Forefront Threat Management Gateway 2010 (TMG). Microsoft explained that this sudden change to its services reflects a desire to better align its security and protection solutions with the workloads and applications they protect.

What is going to replace TMG? Microsoft has been quick to embrace the cloud and to encourage organisations to migrate their security services to it. However, many are still very cautious about the cloud, with businesses still favouring a grounded approach to their network security implementation that is simple to manage and control.

As a Microsoft Global Alliance Partner and a fully certified hardware load balancing partner respectively, Dell SonicWALL and KEMP Technologies are unique in being able to offer integrated solutions that can help organisations of any size to easily and quickly replace their existing Microsoft Forefront TMG deployment or complement their existing Microsoft implementation.

Things to Consider

If you have a current implementation of TMG or were planning to deploy TMG before Microsoft’s announcement, Dell SonicWALL and KEMP Technologies could have the right solution for your needs:

• Firewall

• Load Balancing

• Proxy

• Reverse Proxy

• Content Filtering

• Anti-Malware

• Site-to-Site VPN

• Remote Access

• High Availability

In addition, KEMP Technologies and Dell SonicWALL Next Generation Firewalls can deliver all of these services plus:

• Full layer 7 Application Identification and Control

• Intrusion Prevention

• Wireless access and control

• ISP redundancy and load balancing

• Transparent user authentication and policy enforcement

• Real time Monitoring

• WAN Acceleration

• SSL Inspection

• IPSec and SSL-VPN Remote Access

Dell SonicWALL and KEMP Technologies have designed solution packages to address the needs of small, medium and large organisations. This document is designed to provide solution examples across a wide range of businesses where you would have traditionally found a Microsoft TMG deployment offering a range of services.


SOLUTIONS FOR SMALLER BUSINESSES

With many smaller businesses moving traditional services to cloud services such as Office 365, it’s critically important to provide secure, predictable and reliable access to both on premise and remote resources and applications.

Figure 1 shows a typical small business network deployment utilising cloud services with local Microsoft ADFS. Internet connectivity is now a mission critical component of the network; without it, users are unable to access business applications and data.

Figure 1

Using Dell SonicWALL firewalls, businesses can take advantage of secure connectivity via VPN to cloud based services and manage the use of their Internet connectivity using dynamic bandwidth management of applications, including those cloud services. Support for multiple WAN connections provides enhanced resilience and reliability ensuring access to data and applications in the event of connectivity failure.

Dell SonicWALL is also able to provide secure inspection of network traffic for viruses, spyware, Trojans, intrusions, website access control and a whole plethora of other Internet based threats. All this is provided on a single hardware platform that can be configured standalone or as a high availability pair.


Figure 2

The KEMP LoadMaster combines versatility with ease-of-use to speed deployment of the complete portfolio of advanced messaging applications and protocols used by many applications including Exchange 2010. It provides support for Outlook Web App (OWA), Outlook Anywhere (OA), ActiveSync (EAS), Simple Mail Transfer Protocol (SMTP), Post Office Protocol version 3 (POP3), Internet Message Access Protocol version 4 (IMAP4) and RPC Client Access (RPC CA).

Ease of deployment and maintenance means Dell SonicWALL firewalls are ideal for smaller organisations where technical resources are limited but where a fully featured solution is required.

KEMP Technologies offers solutions to any SMB and Enterprise networks, integrating load balancing between multiple application servers along with provision of site resiliency, offering secured and resilient connectivity to critical services for the organisation.

Microsoft ADFS and Local Exchange Services

In this example deployment, the customer has Microsoft ADFS in their environment to facilitate claims-based authentication for their Exchange 2010 infrastructure and allow for SSO capabilities across applications. Other services, such as internal and remote access to Outlook Web App (OWA), use the internal AD FS farm, and both are load-balanced by the KEMP LoadMaster.


With built-in SSL acceleration and/or overlay, the LoadMaster offloads a key source of CPU drain to improve the capacity of Servers. Layer 7 health checking at the LoadMaster ensures that should one of the servers become inaccessible, the load balancer will take that server off-line, while automatically re-routing and reconnecting users to other functioning servers.

The entire KEMP LoadMaster product family, including the Virtual LoadMaster (VLM) supports Microsoft workloads (Exchange, Lync, RDS and SharePoint) along with other environments such as HTTP/HTTPS, SQL, Oracle, Citrix, and includes a comprehensive first year warranty and technical support agreement.

With increased network complexity, Dell SonicWALL is able to provide the most suitable solution regardless of size. All our firewalls run the same operating software, SonicOS, and provide the same core feature set, which includes traditional stateful firewall, VPN, website filtering, intrusion prevention, full layer 7 application control, gateway antivirus, gateway anti-spyware etc. This means there’s no compromise on security or features for smaller organisations.

More demanding businesses require increased resilience and redundancy from their networks. Dell SonicWALL provides cost effective options such as High Availability and WAN failover ensuring no single point of hardware failure.

SOLUTIONS FOR MEDIUM AND LARGE BUSINESSES

Single Networks

Medium and larger businesses tend to have more complex networks with a mixture of deployment scenarios, on premise, private, public and hybrid cloud with more applications used by a greater user base.

Security, performance, availability and resilience are heightened concerns, as failure of any given service or unavailability of data can have a significant impact on the business. Dell SonicWALL Next Generation Firewalls offer the same core feature set with a common operating system across the entire range, from SOHO to Data Centre. So whether it’s a single deployment in Head Office or multiple sites in a distributed branch VPN network, Dell SonicWALL will have a solution to fit.

The NSA range of firewalls, from the NSA 4600 through to the NSA 6600 offer unsurpassed performance and scalability for Deep Packet Inspection, SSL inspection, application identification and control and anti-malware. With many other services such as remote access, site-to-site VPN etc. they offer the perfect blend of performance, features and price.


Figure 3

In this example, a larger user base and faster Internet connectivity require higher performing Dell SonicWALL firewalls. They provide the same superior perimeter security as the rest of the range but are able to handle the increased connections, users and bandwidth. Integration with Active Directory allows organisations to implement more granular controls, such as allowing the Marketing department access to social media while restricting access to other services such as games and chat that would also be found on those sites.

In Figure 3, the network is a single zone (No DMZ) with a limited number of applications required to be resilient. It is a requirement that security and load balancing form an integral part of the network topology to ensure that no downtime is experienced. Cost effective solutions can be deployed for multiple applications to be load balanced with the same devices, therefore allowing connectivity to multiple services consistently and concurrently.


In the event that 2 or more servers are present, running the same applications, Load Balancing may be required (and mandated by the software vendor) to allow client connections to be distributed between the servers and also provide failover between servers in the event of application/server failure. The KEMP LoadMaster features a robust configuration encompassing Load Balancing, Persistence, Advanced Health Checks, Content Switching and High Availability as standard to allow Administrators to deploy highly resilient networks.

Larger organisations typically have more complex needs and hence more complex networks. Whether it’s internal applications such as Exchange and SharePoint, or public facing services such as corporate websites and ecommerce, Dell SonicWALL and KEMP Technologies scale with your business needs, allowing you to deliver those enterprise applications and services to all your users.

Networks including DMZ facing Services

In the final example configuration, Figure 4, public facing services such as corporate websites, ecommerce, Outlook Web Access, SharePoint etc. would be deployed in a DMZ. Other applications and services, such as Exchange, for internal only use are deployed on the LAN.

Dell SonicWALL firewalls are able to scale both in performance and complexity of deployment. High availability and clustering provide resilience in an “always on” world where loss of a mission critical application can seriously affect the performance and profitability of a business. The ability to support multiple security zones (LAN, DMZ1, DMZ2, LAN2 etc.) and deployment types such as layer 2 bridge, routed, NAT in a single platform allows a business to deploy applications and services without compromise.

Tight integration with Active Directory allows policies such as web site and application control, firewall policies, bandwidth management etc. to be applied on a user/group basis without the need for further user authentication (Single-Sign-On).

Single-Sign-On is also available through RADIUS Accounting integration. This allows for third party solutions (e.g. Wireless LAN) to provide username/IP information to the firewalls so that security policies can be applied, again, based on user/group information.

In those complex networks Dell SonicWALL Next Generation Firewalls are still able to provide class leading performance and security. Deep Packet Inspection services such as Intrusion Prevention, SSL inspection, Gateway Antivirus and Anti-Spyware can still be utilised without negatively impacting application performance.


Figure 4

When publishing applications in these types of environments, two or more pairs of load balancers may be required. A good example of this scenario is where applications on the DMZ (SQL/CRM and SharePoint) may have differing levels of security required for access from external users, along with the Load Balancing requirements for multiple servers.

Isolating these services prevents unauthorised access, relying on the collaborative security of the Dell SonicWALL firewalls, while the load balancing features provide resilience.


Where there are other services based within the LAN, such as Exchange, it would be best to place a further pair of Load Balancers in the LAN Security Zone.

Therefore a potential of 4 or more load balancers may be required when considering multiple zone topologies. Deployment of all of the KEMP LoadMaster products is effectively the same process and the inherent features are found throughout the product range.

Advanced features such as ESP (Edge Security Pack) and GSLB (Global Server Load Balancing; additional licence may apply) may also be deployed in conjunction with the Load Balancing products to allow Single Sign On, Pre Authorisation and also Global (Site Based) load balancing features.

Dell SonicWALL Next-Generation Firewalls, UTMs and SSL VPNs can deliver above and beyond Microsoft Forefront TMG 2010, with superior intrusion prevention, malware protection, application intelligence and control, real-time traffic visualisation, granular secure remote access and inspection for SSL encrypted sessions.

Dell SonicWALL NGFWs provide organizations of any size with a deeper level of network security without compromising performance because they are designed to scan all traffic regardless of port or protocol — including SSL decrypted traffic; they can detect anti-evasion techniques; and they have network-based anti-malware with access to a cloud database that is continually updated, in addition to being both easy to manage and affordable.

Centralised management and reporting using Dell SonicWALL Global Management System ensures that distributed deployments can be easily managed, monitored and deployed. Security policies can be kept consistent across all devices and from a single management interface.

The Dell SonicWALL Secure Remote Access (SRA) platform and appliance series delivers a complete secure remote access solution for up to 20,000 concurrent mobile-enterprise users from a single appliance, without escalating infrastructure costs or complexity. Employees and extranet business partners benefit from secure, clientless access to the resources they need from virtually any device, anywhere, with the unmatched security of SSL VPN.


The security of an industry leader

Dell SonicWALL has over 20 years of experience in the industry, and Gartner has recognized Dell as an industry leader in network security. In the NSS Labs 2013 NGFW Product Analysis Report, Dell’s SuperMassive firewall scored 100 percent in anti-evasion, stability and reliability, firewall, application control and identity awareness tests.

In 2012, Network World magazine reported in its article Scaling Up with SonicWALL’s SuperMassive, “The SuperMassive is aptly named . . . [it] can decrypt SSL traffic very fast — in fact these one-off tests show it to be the fastest device by far.” All Dell SonicWALL NGFW customers benefit from Dell’s commitment to delivering a deeper level of security for around-the-clock protection across the entire organization. Gartner named Dell SonicWALL in the Visionaries Quadrant in the SSL VPN Magic Quadrant 2011.

Learn more about Dell SonicWALL network security solutions

Dell SonicWALL offers a comprehensive line-up of industry-leading network security, including Next-Generation Firewalls and UTMs, secure remote access/ SSL VPN, anti-spam/email security, plus centralized management and reporting, and 24x7 technical support.

Useful on-line resources:

• www.sonicwall.com

• www.livedemo.sonicwall.com

• http://www.demosondemand.com/clients/sonicwall/001/page/demos.asp

• Contact Dell SonicWALL: http://www.sonicwall.com/us/en/company/286.html

• Microsoft Dell Global Alliance: http://www.microsoft.com/enterprise/partners/dell.aspx#fbid=PUqgSVat0g0

Dell SonicWALL network security products are part of Dell’s overall portfolio of end-to-end Connected Security solutions, which ensure that organizations of all sizes can protect their intellectual property in an increasingly connected world. To learn more about Dell Connected Security, please click here.


Learn more about KEMP Technologies

KEMP Technologies LoadMaster suite of Application Delivery Controller solutions optimize web and application infrastructure, provide high availability, high-performance, flexible scalability and secure operations while streamlining IT costs. With the addition of the KEMP Edge Security Pack (ESP), the LoadMaster can now deliver a complete solution to customers who would have previously deployed TMG to publish their Microsoft applications.

As a Microsoft Gold Messaging and Communications certified partner, customers can be confident when adding KEMP into their network. KEMP provides companies of every size a real choice of product, virtual or hardware, to best fit their network, size and budget requirements.

Regardless of the platform leveraged, all KEMP Load Balancers & ADCs feature:

• Application Health Checking

• Content Switching

• Intrusion Prevention System

• Pre Authentication

• Single Sign-On

• Content Caching

• Data Compression

• Layer 4-7 Server Load Balancing

• Server Health Checking

• SSL Offloading

The KEMP Virtual LoadMaster products combine this feature-rich profile with an easy-to-use interface and are available for VMware, Hyper-V, Xen, KVM and Oracle VirtualBox hypervisors. The virtual appliances are designed to load balance the smallest of applications right up to the largest deployments to deliver up to 5Gbps throughput and 10,000 SSL transactions per second.

To learn more about the KEMP Virtual Load Masters, please download it for a 30 day no obligation trial. The VLM-5000 with ESP and GEO functionality is available to trial here: www.KEMPtechnologies.com/try


Exertis Micro-P

Technology House, Crown Road, Festival Trade Park, Stoke-on-Trent, Staffordshire ST1 5NJ

T 01782 665 500
E [email protected]
exertismicro-psecurity.com

KEMP supporting you at every stage

While our products can put customers at ease when it comes to their application health checking and server health checking, they can also be assured that our constant commitment to customers with our range of different support options make KEMP the best choice for their load balancing needs.

About KEMP Technologies

Since 2000, with over 16,000 worldwide clients and offices in America, Europe, Asia and South America, KEMP Technologies has been a leader in driving the price/performance value proposition for load balancers and application delivery controllers to levels that our customers can afford. Our products’ versatile and powerful architecture provides the highest value, while enabling our customers to optimize their businesses that rely on Internet-based infrastructure to conduct business with their customers, employees and partners.

Listed as a “Vendor to Watch” from the EMA report July 2013, KEMP provides unique customer value by solving problems that had previously gone unaddressed by other vendors in the market.
