Jim, Not to throw gas on the fire but (okay, well, maybe just a bit of lighter fluid)... Here's a quote from a recent post by Oleg Ananiev to my question I posed on the UAG/TMG forum. "Looking forward, we see UAG continues to evolve in enhncing and extending Remote Access solutions - ability to access corporate resources from outside. *TMG, in turn, is primarily focusing on protecting employees from internet threats when accessing internet from the office.*" Orly? I posted this same question in response to that statement on the forums but does that mean Microsoft is considering making the TMG line a web proxy server only? On Tue, Dec 29, 2009 at 8:34 AM, Jerry Young <jerrygyoungii@xxxxxxxxx>wrote: > I'm hurt. Incredibly hurt. :( > > I feel like Rodney Dangerfield - no respect. :( > > I could have sworn I posted a link that talked about what you could and > could not do with UAG at the beginning of this thread. ;) There was even > discussion around the topic of why bother separating the products when UAG > installs a complete version of TMG, albiet gimped (since it only protects > itself). > > I even provided a link to a newsgroup posting I made raising questions > around the supported publishing scenarios (POP3, IMAP, OCS), specifically > with regards to SMTP missing (POP3, IMAP clients can't send if there is no > SMTP server). > Referenced Link: > http://social.technet.microsoft.com/Forums/en-US/forefrontedgeiag/thread/b8d0e1fe-9ab6-4b88-a2cc-4ad016c45196 > > Side note: Oleg Ananiev finally responded saying that SMTP not being > specifically given as a supported scenario was a "bug", to be addressed by > updated docs for UAG 2010 RTM. > > I'll stop here lest I get started on the whole "why separate the products" > topic again which people don't seem interested in. :P > > *grumble, consolidated published server rules, mumble, separate > infrastructure for remote access, grunt, and, snort, protected access, > cough* > > That being said, if you did figure out how to tweak UAG to allow for the > first two unsupported scenarios, please share how? :) > On Mon, Dec 28, 2009 at 5:42 PM, Thor (Hammer of God) < > thor@xxxxxxxxxxxxxxx> wrote: > >> LOL. I shoulda known – the first two things I did were the first two >> unsupported configurations ;) Makes sense tho- this UAG/TMG thing is a big >> “strange” to say the least. Steve had a good word for it, which I won’t say >> here. >> >> >> >> But, I have to say, it is QUITE cool once you wrap your head around it… >> >> >> >> Thanks Jim. >> >> >> >> t >> >> >> >> *From:* isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] >> *On Behalf Of *Jim Harrison >> *Sent:* Monday, December 28, 2009 2:36 PM >> >> *To:* isalist@xxxxxxxxxxxxx >> *Subject:* [isalist] Re: TMG Unsupported >> >> >> >> The closest to what you want they have at the moiment is >> http://technet.microsoft.com/en-us/library/ee522953.aspx >> >> >> ------------------------------ >> >> *From:* isalist-bounce@xxxxxxxxxxxxx [isalist-bounce@xxxxxxxxxxxxx] on >> behalf of Thor (Hammer of God) [thor@xxxxxxxxxxxxxxx] >> *Sent:* Monday, December 28, 2009 2:01 PM >> *To:* isalist@xxxxxxxxxxxxx >> *Subject:* [isalist] Re: TMG Unsupported >> >> Let me be more specific: Is there a document of unsupported >> configurations for UAG as there is for TMG that you know of (to Jim). >> >> >> >> t >> >> >> >> *From:* isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] >> *On Behalf Of *Thor (Hammer of God) >> *Sent:* Monday, December 28, 2009 1:35 PM >> *To:* isalist@xxxxxxxxxxxxx >> *Subject:* [isalist] Re: TMG Unsupported >> >> >> >> Is there an unsupported doc for UAG? Steve and I are doing “interesting” >> things with the TMG config under UAG, and having to think “differently” in >> order to get it to work, but it would be nice to know what the “true” intent >> of UAG is insofar as TMG’s “back end” is concerned. >> >> >> >> t >> >> >> >> *From:* isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] >> *On Behalf Of *Jim Harrison >> *Sent:* Monday, December 28, 2009 12:25 PM >> *To:* isalist@xxxxxxxxxxxxx >> *Subject:* [isalist] Re: TMG Unsupported >> >> >> >> That's part of it, but by no means all. >> >> http://edge.technet.com/Media/ISA-to-TMG-Migration-Guidance/ might give >> you some idea... >> >> >> ------------------------------ >> >> *From:* isalist-bounce@xxxxxxxxxxxxx [isalist-bounce@xxxxxxxxxxxxx] on >> behalf of Steven Comeau [scomeau@xxxxxxxxxxxxxxxxxx] >> *Sent:* Monday, December 28, 2009 11:16 AM >> *To:* isalist@xxxxxxxxxxxxx >> *Subject:* [isalist] Re: TMG Unsupported >> >> So, can’t we just export the 2006 Configuration (x32) into TMG( x64) – or >> won’t that work? I mean, I ain’t got nothin’ fancy ‘cept some self-signed >> certs… >> >> >> >> Steve Comeau >> >> Associate Director of IT Rutgers Athletics >> >> 83 Rockafeller Road >> >> Piscataway, NJ 08854 >> >> 732-445-7802 >> >> 732-445-4623 (fax) >> >> www.scarletknights.com >> >> >> >> [image: rutgers100px.gif] >> >> >> >> >> >> >> >> *From:* isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] >> *On Behalf Of *Jim Harrison >> *Sent:* Sunday, December 27, 2009 10:36 AM >> *To:* isalist@xxxxxxxxxxxxx >> *Subject:* [isalist] Re: TMG Unsupported >> >> >> >> Could you elaborate on what you mean by “the tone”? >> >> While we realize we’re likely to upset some folks, that’s clearly not on >> the list of goals for this doc.. >> >> >> >> *From:* isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] >> *On Behalf Of *John Wilson >> *Sent:* Sunday, December 27, 2009 7:02 AM >> *To:* isalist@xxxxxxxxxxxxx >> *Subject:* [isalist] Re: TMG Unsupported >> >> >> >> Originally, my point was I didn't like the tone of the unsupported configs >> doc. >> >> >> >> I can now see the point of publishing this so people can know what they >> are getting into ahead of time. >> >> >> >> 2nd point: As with all things, I know when migrating 32 bit to 64 bit is >> necessary. When we "tore down the network", it wasn't because we didn't know >> what we were doing, it was an intentional redesign with days / weeks of >> planning. I'm usually the first one to suggest the 64-bit deal if it's an >> option. I just said it sucks - as in, it's not conveinient. EVEN IF a direct >> path were offered for 32-bit to 64-bit migration were technically feasable, >> I would STILL go with a clean install for the 64-bit for obvious reasons. >> >> >> >> As I said before, TMG as a product is fine. >> >> >> >> J >> >> Sent from my iPhone >> >> >> On Dec 26, 2009, at 10:39 PM, "Thor (Hammer of God)" < >> thor@xxxxxxxxxxxxxxx> wrote: >> >> You misunderstood what I said: I wasn’t saying to tear down the entire >> network to get it to X64 – I was saying to John, “remember when we tore down >> the network,” (and did not go into those reasons, as he knows). We had very >> good reason to have to do so – and DID so in a corporate environment. If >> anyone was going to do the stoning it was us. The point is that sometimes >> you have to do things you don’t want to do in order to get to the “right >> place.” You just have to define what “the right place” is. Migrating 14 >> servers is no big deal. Migrating 1400 just requires a proper plan of >> action... >> >> >> >> No one said this would be easy. If anyone could do this, they wouldn’t >> need us- they’d hire college kids… KNOWING the difference between TMG and >> ISA, I can why they did what they did… If others don’t want to upgrade (for >> reasons that I personally would call “lazy”) then that’s fine. They don’t >> have to. If dude wants to can TMG/ISA because he doesn’t feel like doing >> the work, then goody for thim… That’s what my point was. >> >> >> >> t >> >> >> >> *From:* isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] >> *On Behalf Of *Greg Mulholland >> *Sent:* Saturday, December 26, 2009 12:52 PM >> *To:* isalist@xxxxxxxxxxxxx >> *Subject:* [isalist] Re: TMG Unsupported >> >> >> >> That’s really great, but i’m not about to ‘tear down my entire’ network to >> get it to x64. In a corporate environment you’d be stoned to death for even >> mentioning such. I kind of agree with everyone a little bit, i personally am >> planning a swing migration as its the best way i find i can reduce the >> downtime window to me end users. It was always the same with Exchange 2007 >> and Moss and others deal with it if you want it, if it doesn’t add value to >> you then you are not bound to upgrade, the choice is yours. >> >> >> >> Jim is right where there have been many hidden unsupported config’s for MS >> products and ive only found out after ive installed the product when >> problems occur. Personally i’d rather know before hand. >> >> >> >> Hope you all had a good Christmas. >> >> >> >> Greg >> >> >> >> *From:* isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] >> *On Behalf Of *Thor (Hammer of God) >> *Sent:* Thursday, 24 December 2009 5:59 AM >> *To:* isalist@xxxxxxxxxxxxx >> *Subject:* [isalist] Re: TMG Unsupported >> >> >> >> First off, I very much respect your opinion… But we had x86 to x64 >> conversations YEARS ago… Remember when we tore down the entire network and >> rebuilt it from scratch? It was necessary.. Sometimes you have to do >> that. We have to progress, and sometimes doing so is not easy. >> >> >> >> t >> >> >> >> *From:* isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] >> *On Behalf Of *John Wilson >> *Sent:* Wednesday, December 23, 2009 10:42 AM >> *To:* isalist@xxxxxxxxxxxxx >> *Subject:* [isalist] Re: TMG Unsupported >> >> >> >> I read the list of unsupported scenarios. While I agree there is a certain >> extent of necessity of unsupported configs due to the changes in underlying >> code /technologies, to me, this reads off on a wrong note. >> >> It's almost like Microsoft has taken a "You have to a given configuration, >> or else the product is not supported." attitude. In the past, I think they >> have been more of a "technology empowers business" attitude. The shift in >> mentality, for this piece of product documentation at least, bothers me. >> >> Hey, this may be just me reading it the wrong way, but if I was using ISA >> 2006 in organization, I could see where the decision makers would look at >> the list of unsupported configurations and say, "ISA and TMG costs a lot in >> liscensing, and seems like it isn't as flexible as the older product. Let's >> look at other options." >> >> That may or may not be a fair statement. But if I showed the documentation >> to certain people, I'm sure the project to upgrade wouldn't get approved. >> >> As far as 32-bit 2003 to 64-bit 2008 with no direct upgrade path, that >> sucks. But its the same issue users faced migrating from Exchange 2003 to >> Exchange 2007. So it's not a new thing. It's to be expected for certain >> products if you want to take advantage of the 64-bit architecture. >> >> John Wilson >> >> >> ------------------------------ >> >> *From:* Jim Harrison <Jim@xxxxxxxxxxxx> >> *To:* "isalist@xxxxxxxxxxxxx" <isalist@xxxxxxxxxxxxx> >> *Sent:* Wed, December 23, 2009 1:05:35 PM >> *Subject:* [isalist] Re: TMG Unsupported >> >> Since you're interested in maintaining service during the change from ISA >> to TMG, you can't use an in-place upgrade anyway. At some point in any >> in-place upgrade process, that server is off-line. No getting around it. >> >> >> >> Have you ever considered a rolling upgrade? >> >> At most, it costs you 1 or 2 extra servers (that can be included or >> repurposed afterwards) and allows you to "silently" move your users from one >> deployment to another. >> >> If you do this on virtual deployments, it's even easier. >> >> Chapter 6 in the TMG book (also to be a sample chapter) is dedicated to >> this thought process and offers an example of "rolling" from ISA 2006 SE to >> TMG EE. >> >> >> >> ..it's only as hard as you choose to make it. >> ------------------------------ >> >> *From:* isalist-bounce@xxxxxxxxxxxxx [isalist-bounce@xxxxxxxxxxxxx] on >> behalf of D PIETRUSZKA USWRN INTERLINK INFRA SHIFT MGR [ >> DPietruszka@xxxxxx] >> *Sent:* Wednesday, December 23, 2009 9:57 AM >> *To:* isalist@xxxxxxxxxxxxx >> *Subject:* [isalist] Re: TMG Unsupported >> >> For the OS don’t use excuses, Microsoft always did the same with ISA and >> lately with a lot of other products just to force you to migrate to 64 bits >> or 2008. >> >> And the instances, I have 14 (well there are 2 others not really in use) >> ISAs servers in total, believe me I would find out a way to continue >> protecting the network or providing proxy service while migrating other >> boxes. >> >> >> >> It is just a pain in …. to always do the same thing, that is why I >> promised last time to don’t migrate to the next ISA version, the pain that >> was move from 2004 to 2006 was not worth the advantages on the new version. >> >> >> >> Believe me I’m closer to look for other products rather than upgrading, >> that is why I would like to read about the advantages. >> >> >> >> Regards >> >> *Diego R. Pietruszka* >> >> MIS - Shift Manager >> >> MSC (USA) - Interlink Transport Technologies >> >> Direct Phone: (908)605-4147 >> >> >> >> *From:* isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] >> *On Behalf Of *Jim Harrison >> *Sent:* Wednesday, December 23, 2009 12:45 PM >> *To:* isalist@xxxxxxxxxxxxx >> *Subject:* [isalist] Re: TMG Unsupported >> >> >> >> When you figure out how to do an "in place upgrade" from WS03 x86 to WS08 >> x64, you let us know? >> >> ..oh; and while you're at it, be sure to describe how the ISA 2006 >> instance is to continue operating (necessary for an in-place upgrade) on >> WS08 x64? >> >> >> >> Seriously; some in-place changes just aren't possible. >> >> >> ------------------------------ >> >> *From:* isalist-bounce@xxxxxxxxxxxxx [isalist-bounce@xxxxxxxxxxxxx] on >> behalf of D PIETRUSZKA USWRN INTERLINK INFRA SHIFT MGR [ >> DPietruszka@xxxxxx] >> *Sent:* Wednesday, December 23, 2009 9:41 AM >> *To:* isalist@xxxxxxxxxxxxx >> *Subject:* [isalist] Re: TMG Unsupported >> >> Is there any link with a description of the advantages or new features of >> TMG over ISA2006? I want to see if playing the crappy Microsoft game of >> never offer an in place upgrade is worth or not the effort. >> >> >> >> Thanks >> >> >> >> Regards >> >> *Diego R. Pietruszka* >> >> >> >> *From:* isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] >> *On Behalf Of *Thor (Hammer of God) >> *Sent:* Wednesday, December 23, 2009 12:33 PM >> *To:* isalist@xxxxxxxxxxxxx >> *Subject:* [isalist] Re: TMG Unsupported >> >> >> >> Shouldn’t one say “TMG is not supported on ‘certain’ editions” rather than >> “on all editions? It makes it sound like every edition of 2008 is not >> supported. >> >> t >> >> >> >> *From:* isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] >> *On Behalf Of *Jim Harrison >> *Sent:* Wednesday, December 23, 2009 6:29 AM >> *To:* isalist@xxxxxxxxxxxxx >> *Subject:* [isalist] TMG Unsupported >> >> >> >> We just published the “unsupported stuff” for TMG on TechNet. >> >> http://technet.microsoft.com/en-us/library/ee796231.aspx is your link of >> reference. >> >> *** This message contains confidential information and is >> >> intended only for the individual named. If you are not the >> >> named addressee, you should not disseminate, distribute or >> >> copy this e-mail. Please notify the sender immediately by >> >> e-mail if you have received this e-mail by mistake and delete >> >> this e-mail from your system. E-mail transmission cannot be >> >> guaranteed to be secure or error-free as information could be >> >> intercepted, corrupted, lost, destroyed, arrive late or >> >> incomplete, or contain viruses. The sender therefore does not >> >> accept liability for any errors or omissions in the contents of >> >> this message, which arise as a result of e-mail transmission. >> >> If verification is required please request a hard-copy version. >> >> Rutgers University - DIA >> >> 83 Rockafeller Road >> >> Piscataway, NJ 08854 >> >> www.scarletknights.com *** >> >> >> >> > > > -- > Cordially yours, > Jerry G. Young II > Microsoft Certified Systems Engineer > -- Cordially yours, Jerry G. Young II Microsoft Certified Systems Engineer