02 March 2011

Installing TMG Enterprise Management Console

The TMG enterprise Management Server (EMS) allows you to manage serveral arrays centrally.  This also allows you to apply enterprise wide objects to multiple arrays, as opposed to having to do the configuration for ever array.  This also differs from simply having the management console installed on a non array member machine in that it not only is used for managing arrays but that it actually stores the array configurations (Configuration Storage Server.)

Preparation Wizard
After the starting up the splash screen you select the Preparation Wizard.  This will easily step you through the installation.  Just take not of the following screen.  Note that you CANNOT select to have a TMG   firewall machine configured as a EMS server.  This is different from ISA 2006 where you could do this.


Installation
After the preparation finishes you can launch the installation wizard, again follow the wizard but take not of the following screens.


This is a general recommendation, you can choose to ignore it and have multiple TMG enterprise arrays.  But you have been warned.


Since TMG support not being part of a domain for security reason you can choose to have a work group deployment.  The other reason for choosing this is if you have a deployment that spans multiple domains without a trust relationship.



Post Installation Tasks
Once the installation is done you will notice that the Console tree now contains additional nodes for 
  • Enterprise
  • Arrays


Once the installation is complete remember to install the TMG updates.

At the time of writing this the available updates were:



To successfully install the service pack and update you need to turn off User Access Control (UAC) - Yes Really! . You also need to install them in sequence - SP1 then the Update for SP1.

3 comments:

Jason Jones said...

You don't need to disable UAC, you just need to run the updates from an elevated command prompt using the "copy as path" option...this is covered in the SP1 install instructions I think.

Etienne Liebetrau said...

Thanks Jason for pointing this one out.

As per the MS SP1 install doc

If you downloaded the service pack from the Microsoft Download Center, do the following:

Press the SHIFT key and right-click on the .MSP file, and then select Copy as path.

Right-click the Command Prompt icon, and then select Run as administrator.

Right-click the Command Prompt window and select Paste.

Jason Jones said...

The update should be a self-elevating .exe or .msi really ;)

Post a Comment