Planning to install Forefront TMG

Updated: February 1, 2011

Applies To: Forefront Threat Management Gateway (TMG)

This topic describes the options that are available for a new installation of Forefront TMG, and helps you decide the most appropriate options for your environment.

Before you begin, verify that the computer on which you want to install Forefront TMG complies with the hardware and software requirements, as described in System requirements for Forefront TMG.

It is recommended that you read the following sections as you plan your Forefront TMG installation:

  • Installation scenarios

  • Installation modes

Installation scenarios

The following installation scenarios are available for a new installation of Forefront TMG:

  • Forefront TMG services—Installs a single Forefront TMG server on the computer, including all Forefront TMG services and the Forefront TMG Management console, for local management of Forefront TMG. For instructions, see Installing Forefront TMG services.

  • Remote management—Installs only the Forefront TMG Management console, for remote management of Forefront TMG servers that are installed on other computers. The console is a Microsoft Management Console (MMC) snap-in.

    Note the following:

    • You can run the Forefront TMG Management console on 32-bit versions of Windows Server 2008, whereas other Forefront TMG options require a Windows Server 2008 64-bit operating system.
    • You need a reliable, fast connection from the Forefront TMG computer to the computer that is running the Forefront TMG Management console, so that the console responds quickly, displaying updated configuration information. If your connection to the Forefront TMG computer is slower than 5 megabits per second, it is recommended that you connect to the Forefront TMG computer over a Remote Desktop Protocol connection and run the Forefront TMG Management console locally, on the Forefront TMG computer.
    • You cannot use a Forefront TMG remote Management console to run the Forefront TMG Getting Started wizard. In order to run the Getting Started wizard, you need to access the local console.
  • Enterprise Management Server (EMS)—This option is available only for users of Forefront TMG Enterprise Edition; it is not available for users of Forefront TMG Standard Edition. EMS enables you to centrally manage multiple Forefront TMG arrays. You can create and update enterprise policies, and create policy rules which you can assign to the arrays in the enterprise. For instructions, see Installing an Enterprise Management Server (EMS) for centralized management.

Installation modes

You can run the Forefront TMG installation in interactive or unattended mode:

  • Interactive mode—In this mode, you monitor the installation process and enter the required setup information when prompted by the setup process. This mode is recommended if you are installing a single Forefront TMG server, or a small number of Forefront TMG servers. For instructions, see Installing Forefront TMG services in interactive mode.

  • Unattended mode—In order to run the installation in this mode, you prepare the setup information in a file that is used by the setup process during installation. This mode is recommended for deployments of multiple Forefront TMG servers. For instructions, see Installing Forefront TMG services in unattended mode.

Note

  • You must be a member of the Administrators group on the local computer in order to run the Forefront TMG installation, in either mode.

  • It is recommended to disable the screen saver before performing an unattended installation; otherwise, the installation process will pause if the computer's screen saver is activated.

Concepts

Installation design guide for Forefront TMG