Installing an Enterprise Management Server (EMS) for centralized management

Updated: February 1, 2011

Applies To: Forefront Threat Management Gateway (TMG)

The Forefront TMG Enterprise Management Server (EMS) enables you to centrally manage Forefront TMG arrays. You can create and update enterprise policies, and create policy rules which you can then assign to the arrays in the enterprise.

The following procedure describes how to install an EMS for centralized management.

Note

The computer must be connected to the Internet during the installation process.

To install an Enterprise Management Server (EMS) for centralized management

  1. Insert the Forefront TMG DVD into the DVD drive, or run autorun.hta from a shared network drive.

  2. On the main setup page, click Run Windows Update. Windows Update might require one or more computer restarts. If the computer restarts, you must relaunch the setup, as described in step 1.

  3. On the main setup page, click Run Preparation Tool to launch the Forefront TMG Preparation Tool. For instructions on running the Preparation Tool, see Preparing for installation.

  4. On the main setup page, click Run Installation wizard to launch the Forefront TMG Installation Wizard.

  5. On the Setup Scenarios page, click Enterprise Management Server for centralized array management.

  6. On the Installation Path page, specify the Forefront TMG installation path.

  7. On the Enterprise Management Server Configuration page:

    • Click Create a new enterprise configuration on this EMS, to create new enterprise policies and policy rules for this installation of EMS.

    • Click Copy an existing enterprise configuration to this EMS, to duplicate the enterprise configuration of an existing EMS to this computer. The configuration copied includes enterprise policies and settings of the arrays of the enterprise.

  8. If you selected Create a new enterprise configuration on this EMS, on the Create New Enterprise page, enter the name of the enterprise in the Enterprise name box and a short description of the enterprise in the Description box.

  9. If you selected Copy an existing enterprise configuration to this EMS, on the Locate Configuration Storage Server page, enter the fully qualified domain name (FQDN) of the EMS from which to copy the enterprise configuration settings, and then select which user account to use when connecting to the configuration storage server.

    Important

    Before copying the enterprise configuration settings from an existing EMS, on the existing EMS, you must add the new EMS computer to the Replicate configuration storage servers under Computer Sets in Network Objects.

  10. On the Forefront TMG Configuration Replicate Source page:

    • Click Replicate over the network to copy settings over the network.

    • Click Copy from the restored backup files to copy settings from a backup folder.

  11. On the Enterprise Deployment Environment page, select the membership type of your Forefront TMG Enterprise deployment.

    • Click Single domain deployment if the enterprise computers are in the same domain.

    • Click Workgroup deployment if the enterprise computers reside in a workgroup. You must install a server certificate. For more details on installing server certificates, see Creating certificates

  12. On the final page, you can select to open the Forefront TMG Management console immediately.

Concepts

Planning to install Forefront TMG
Installing Forefront TMG