[isalist] Re: TMG Unsupported

  • From: Jerry Young <jerrygyoungii@xxxxxxxxx>
  • To: isalist@xxxxxxxxxxxxx
  • Date: Tue, 29 Dec 2009 08:54:15 -0500

Jim,

Not to throw gas on the fire but (okay, well, maybe just a bit of lighter
fluid)...

Here's a quote from a recent post by Oleg Ananiev to my question I posed on
the UAG/TMG forum.

"Looking forward, we see UAG continues to evolve in enhancing and extending
Remote Access solutions - ability to access corporate resources from
outside. *TMG, in turn, is primarily focusing on protecting employees from
internet threats when accessing internet from the office.*"
Orly?

I posted this same question in response to that statement on the forums but
does that mean Microsoft is considering making the TMG line a web proxy
server only?


On Tue, Dec 29, 2009 at 8:34 AM, Jerry Young <jerrygyoungii@xxxxxxxxx> wrote:

> I'm hurt.  Incredibly hurt. :(
>
> I feel like Rodney Dangerfield - no respect. :(
>
> I could have sworn I posted a link that talked about what you could and
> could not do with UAG at the beginning of this thread. ;)  There was even
> discussion around the topic of why bother separating the products when UAG
> installs a complete version of TMG, albeit gimped (since it only protects
> itself).
>
> I even provided a link to a newsgroup posting I made raising questions
> around the supported publishing scenarios (POP3, IMAP, OCS), specifically
> with regards to SMTP missing (POP3, IMAP clients can't send if there is no
> SMTP server).
> Referenced Link:
> http://social.technet.microsoft.com/Forums/en-US/forefrontedgeiag/thread/b8d0e1fe-9ab6-4b88-a2cc-4ad016c45196
>
> Side note: Oleg Ananiev finally responded saying that SMTP not being
> specifically given as a supported scenario was a "bug", to be addressed by
> updated docs for UAG 2010 RTM.
>
> I'll stop here lest I get started on the whole "why separate the products"
> topic again which people don't seem interested in. :P
>
> *grumble, consolidated published server rules, mumble, separate
> infrastructure for remote access, grunt, and, snort, protected access,
> cough*
>
> That being said, if you did figure out how to tweak UAG to allow for the
> first two unsupported scenarios, please share how? :)
>   On Mon, Dec 28, 2009 at 5:42 PM, Thor (Hammer of God) <
> thor@xxxxxxxxxxxxxxx> wrote:
>
>>  LOL.  I shoulda known – the first two things I did were the first two
>> unsupported configurations ;)  Makes sense tho- this UAG/TMG thing is a bit
>> “strange” to say the least.  Steve had a good word for it, which I won’t say
>> here.
>>
>>
>>
>> But, I have to say, it is QUITE cool once you wrap your head around it…
>>
>>
>>
>> Thanks Jim.
>>
>>
>>
>> t
>>
>>
>>
>> *From:* isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
>> *On Behalf Of *Jim Harrison
>> *Sent:* Monday, December 28, 2009 2:36 PM
>>
>> *To:* isalist@xxxxxxxxxxxxx
>> *Subject:* [isalist] Re: TMG Unsupported
>>
>>
>>
>> The closest to what you want they have at the moment is
>> http://technet.microsoft.com/en-us/library/ee522953.aspx
>>
>>
>>  ------------------------------
>>
>> *From:* isalist-bounce@xxxxxxxxxxxxx [isalist-bounce@xxxxxxxxxxxxx] on
>> behalf of Thor (Hammer of God) [thor@xxxxxxxxxxxxxxx]
>> *Sent:* Monday, December 28, 2009 2:01 PM
>> *To:* isalist@xxxxxxxxxxxxx
>> *Subject:* [isalist] Re: TMG Unsupported
>>
>> Let me be more specific:  Is there a document of unsupported
>> configurations for UAG as there is for TMG that you know of (to Jim).
>>
>>
>>
>> t
>>
>>
>>
>> *From:* isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
>> *On Behalf Of *Thor (Hammer of God)
>> *Sent:* Monday, December 28, 2009 1:35 PM
>> *To:* isalist@xxxxxxxxxxxxx
>> *Subject:* [isalist] Re: TMG Unsupported
>>
>>
>>
>> Is there an unsupported doc for UAG?  Steve and I are doing “interesting”
>> things with the TMG config under UAG, and having to think “differently” in
>> order to get it to work, but it would be nice to know what the “true” intent
>> of UAG is insofar as TMG’s “back end” is concerned.
>>
>>
>>
>> t
>>
>>
>>
>> *From:* isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
>> *On Behalf Of *Jim Harrison
>> *Sent:* Monday, December 28, 2009 12:25 PM
>> *To:* isalist@xxxxxxxxxxxxx
>> *Subject:* [isalist] Re: TMG Unsupported
>>
>>
>>
>> That's part of it, but by no means all.
>>
>> http://edge.technet.com/Media/ISA-to-TMG-Migration-Guidance/ might give
>> you some idea...
>>
>>
>>  ------------------------------
>>
>> *From:* isalist-bounce@xxxxxxxxxxxxx [isalist-bounce@xxxxxxxxxxxxx] on
>> behalf of Steven Comeau [scomeau@xxxxxxxxxxxxxxxxxx]
>> *Sent:* Monday, December 28, 2009 11:16 AM
>> *To:* isalist@xxxxxxxxxxxxx
>> *Subject:* [isalist] Re: TMG Unsupported
>>
>> So, can’t we just export the 2006 Configuration (x32) into TMG (x64) – or
>> won’t that work?  I mean, I ain’t got nothin’ fancy ‘cept some self-signed
>> certs…
>>
>>
>>
>> Steve Comeau
>>
>> Associate Director of IT  Rutgers Athletics
>>
>> 83 Rockafeller Road
>>
>> Piscataway, NJ  08854
>>
>> 732-445-7802
>>
>> 732-445-4623 (fax)
>>
>> www.scarletknights.com
>>
>>
>>
>>
>> *From:* isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
>> *On Behalf Of *Jim Harrison
>> *Sent:* Sunday, December 27, 2009 10:36 AM
>> *To:* isalist@xxxxxxxxxxxxx
>> *Subject:* [isalist] Re: TMG Unsupported
>>
>>
>>
>> Could you elaborate on what you mean by “the tone”?
>>
>> While we realize we’re likely to upset some folks, that’s clearly not on
>> the list of goals for this doc..
>>
>>
>>
>> *From:* isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
>> *On Behalf Of *John Wilson
>> *Sent:* Sunday, December 27, 2009 7:02 AM
>> *To:* isalist@xxxxxxxxxxxxx
>> *Subject:* [isalist] Re: TMG Unsupported
>>
>>
>>
>> Originally, my point was I didn't like the tone of the unsupported configs
>> doc.
>>
>>
>>
>> I can now see the point of publishing this so people can know what they
>> are getting into ahead of time.
>>
>>
>>
>> 2nd point: As with all things, I know when migrating 32 bit to 64 bit is
>> necessary. When we "tore down the network", it wasn't because we didn't know
>> what we were doing, it was an intentional redesign with days / weeks of
>> planning. I'm usually the first one to suggest the 64-bit deal if it's an
>> option. I just said it sucks - as in, it's not convenient. EVEN IF a direct
>> path were offered for 32-bit to 64-bit migration were technically feasible,
>> I would STILL go with a clean install for the 64-bit for obvious reasons.
>>
>>
>>
>> As I said before, TMG as a product is fine.
>>
>>
>>
>> J
>>
>> Sent from my iPhone
>>
>>
>> On Dec 26, 2009, at 10:39 PM, "Thor (Hammer of God)" <
>> thor@xxxxxxxxxxxxxxx> wrote:
>>
>>  You misunderstood what I said:  I wasn’t saying to tear down the entire
>> network to get it to X64 – I was saying to John, “remember when we tore down
>> the network,” (and did not go into those reasons, as he knows).  We had very
>> good reason to have to do so – and DID so in a corporate environment.  If
>> anyone was going to do the stoning it was us.  The point is that sometimes
>> you have to do things you don’t want to do in order to get to the “right
>> place.”  You just have to define what “the right place” is.   Migrating 14
>> servers is no big deal.  Migrating 1400 just requires a proper plan of
>> action...
>>
>>
>>
>> No one said this would be easy.  If anyone could do this, they wouldn’t
>> need us- they’d hire college kids…  KNOWING the difference between TMG and
>> ISA, I can see why they did what they did…  If others don’t want to upgrade (for
>> reasons that I personally would call “lazy”) then that’s fine.  They don’t
>> have to.   If dude wants to can TMG/ISA because he doesn’t feel like doing
>> the work, then goody for him… That’s what my point was.
>>
>>
>>
>> t
>>
>>
>>
>> *From:* isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
>> *On Behalf Of *Greg Mulholland
>> *Sent:* Saturday, December 26, 2009 12:52 PM
>> *To:* isalist@xxxxxxxxxxxxx
>> *Subject:* [isalist] Re: TMG Unsupported
>>
>>
>>
>> That’s really great, but I’m not about to ‘tear down my entire’ network to
>> get it to x64. In a corporate environment you’d be stoned to death for even
>> mentioning such. I kind of agree with everyone a little bit, I personally am
>> planning a swing migration as it’s the best way I find I can reduce the
>> downtime window to my end users. It was always the same with Exchange 2007
>> and Moss and others deal with it if you want it, if it doesn’t add value to
>> you then you are not bound to upgrade, the choice is yours.
>>
>>
>>
>> Jim is right where there have been many hidden unsupported configs for MS
>> products and I’ve only found out after I’ve installed the product when
>> problems occur. Personally I’d rather know beforehand.
>>
>>
>>
>> Hope you all had a good Christmas.
>>
>>
>>
>> Greg
>>
>>
>>
>> *From:* isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
>> *On Behalf Of *Thor (Hammer of God)
>> *Sent:* Thursday, 24 December 2009 5:59 AM
>> *To:* isalist@xxxxxxxxxxxxx
>> *Subject:* [isalist] Re: TMG Unsupported
>>
>>
>>
>> First off, I very much respect your opinion…  But we had x86 to x64
>> conversations YEARS ago… Remember when we tore down the entire network and
>> rebuilt it from scratch?  It was necessary..  Sometimes you have to do
>> that.  We have to progress, and sometimes doing so is not easy.
>>
>>
>>
>> t
>>
>>
>>
>> *From:* isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
>> *On Behalf Of *John Wilson
>> *Sent:* Wednesday, December 23, 2009 10:42 AM
>> *To:* isalist@xxxxxxxxxxxxx
>> *Subject:* [isalist] Re: TMG Unsupported
>>
>>
>>
>> I read the list of unsupported scenarios. While I agree there is a certain
>> extent of necessity of unsupported configs due to the changes in underlying
>> code /technologies, to me, this reads off on a wrong note.
>>
>> It's almost like Microsoft has taken a "You have to a given configuration,
>> or else the product is not supported." attitude. In the past, I think they
>> have been more of a "technology empowers business" attitude. The shift in
>> mentality, for this piece of product documentation at least, bothers me.
>>
>> Hey, this may be just me reading it the wrong way, but if I was using ISA
>> 2006 in organization, I could see where the decision makers would look at
>> the list of unsupported configurations and say, "ISA and TMG costs a lot in
>> licensing, and seems like it isn't as flexible as the older product. Let's
>> look at other options."
>>
>> That may or may not be a fair statement. But if I showed the documentation
>> to certain people, I'm sure the project to upgrade wouldn't get approved.
>>
>> As far as 32-bit 2003 to 64-bit 2008 with no direct upgrade path, that
>> sucks. But it's the same issue users faced migrating from Exchange 2003 to
>> Exchange 2007. So it's not a new thing. It's to be expected for certain
>> products if you want to take advantage of the 64-bit architecture.
>>
>> John Wilson
>>
>>
>>  ------------------------------
>>
>> *From:* Jim Harrison <Jim@xxxxxxxxxxxx>
>> *To:* "isalist@xxxxxxxxxxxxx" <isalist@xxxxxxxxxxxxx>
>> *Sent:* Wed, December 23, 2009 1:05:35 PM
>> *Subject:* [isalist] Re: TMG Unsupported
>>
>> Since you're interested in maintaining service during the change from ISA
>> to TMG, you can't use an in-place upgrade anyway. At some point in any
>> in-place upgrade process, that server is off-line. No getting around it.
>>
>>
>>
>> Have you ever considered a rolling upgrade?
>>
>> At most, it costs you 1 or 2 extra servers (that can be included or
>> repurposed afterwards) and allows you to "silently" move your users from one
>> deployment to another.
>>
>> If you do this on virtual deployments, it's even easier.
>>
>> Chapter 6 in the TMG book (also to be a sample chapter) is dedicated to
>> this thought process and offers an example of "rolling" from ISA 2006 SE to
>> TMG EE.
>>
>>
>>
>> ..it's only as hard as you choose to make it.
>>  ------------------------------
>>
>> *From:* isalist-bounce@xxxxxxxxxxxxx [isalist-bounce@xxxxxxxxxxxxx] on
>> behalf of D PIETRUSZKA USWRN INTERLINK INFRA SHIFT MGR [
>> DPietruszka@xxxxxx]
>> *Sent:* Wednesday, December 23, 2009 9:57 AM
>> *To:* isalist@xxxxxxxxxxxxx
>> *Subject:* [isalist] Re: TMG Unsupported
>>
>> For the OS don’t use excuses, Microsoft always did the same with ISA and
>> lately with a lot of other products just to force you to migrate to 64 bits
>> or 2008.
>>
>> And the instances, I have 14 (well there are 2 others not really in use)
>> ISAs servers in total, believe me I would find out a way to continue
>> protecting the network or providing proxy service while migrating other
>> boxes.
>>
>>
>>
>> It is just a pain in …. to always do the same thing, that is why I
>> promised last time not to migrate to the next ISA version, the pain that
>> was the move from 2004 to 2006 was not worth the advantages of the new version.
>>
>>
>>
>> Believe me I’m closer to look for other products rather than upgrading,
>> that is why I would like to read about the advantages.
>>
>>
>>
>> Regards
>>
>> *Diego R. Pietruszka*
>>
>> MIS - Shift Manager
>>
>> MSC (USA) - Interlink Transport Technologies
>>
>> Direct Phone: (908)605-4147
>>
>>
>>
>> *From:* isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
>> *On Behalf Of *Jim Harrison
>> *Sent:* Wednesday, December 23, 2009 12:45 PM
>> *To:* isalist@xxxxxxxxxxxxx
>> *Subject:* [isalist] Re: TMG Unsupported
>>
>>
>>
>> When you figure out how to do an "in place upgrade" from WS03 x86 to WS08
>> x64, you let us know?
>>
>> ..oh; and while you're at it, be sure to describe how the ISA 2006
>> instance is to continue operating (necessary for an in-place upgrade) on
>> WS08 x64?
>>
>>
>>
>> Seriously; some in-place changes just aren't possible.
>>
>>
>>  ------------------------------
>>
>> *From:* isalist-bounce@xxxxxxxxxxxxx [isalist-bounce@xxxxxxxxxxxxx] on
>> behalf of D PIETRUSZKA USWRN INTERLINK INFRA SHIFT MGR [
>> DPietruszka@xxxxxx]
>> *Sent:* Wednesday, December 23, 2009 9:41 AM
>> *To:* isalist@xxxxxxxxxxxxx
>> *Subject:* [isalist] Re: TMG Unsupported
>>
>> Is there any link with a description of the advantages or new features of
>> TMG over ISA2006? I want to see if playing the crappy Microsoft game of
>> never offer an in place upgrade is worth or not the effort.
>>
>>
>>
>> Thanks
>>
>>
>>
>> Regards
>>
>> *Diego R. Pietruszka*
>>
>>
>>
>> *From:* isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
>> *On Behalf Of *Thor (Hammer of God)
>> *Sent:* Wednesday, December 23, 2009 12:33 PM
>> *To:* isalist@xxxxxxxxxxxxx
>> *Subject:* [isalist] Re: TMG Unsupported
>>
>>
>>
>> Shouldn’t one say “TMG is not supported on ‘certain’ editions” rather than
>> “on all editions”?  It makes it sound like every edition of 2008 is not
>> supported.
>>
>> t
>>
>>
>>
>> *From:* isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
>> *On Behalf Of *Jim Harrison
>> *Sent:* Wednesday, December 23, 2009 6:29 AM
>> *To:* isalist@xxxxxxxxxxxxx
>> *Subject:* [isalist] TMG Unsupported
>>
>>
>>
>> We just published the “unsupported stuff” for TMG on TechNet.
>>
>> http://technet.microsoft.com/en-us/library/ee796231.aspx is your link of
>> reference.
>>
>
>
>  --
> Cordially yours,
> Jerry G. Young II
> Microsoft Certified Systems Engineer
>



-- 
Cordially yours,
Jerry G. Young II
Microsoft Certified Systems Engineer
