We are happy to announce the availability of the Management Pack (MP) for the Forefront Threat Management Gateway (TMG) 2010 Release Candidate. As a response to your feedback, we enhanced the management pack, to increase its coverage and usability.

While the previous release monitored and managed some of Forefront TMG’s features, we are now monitoring and managing all Forefront TMG features. We added discoveries (automatic detection mechanisms) of the new features, their state and events in Forefront TMG 2010 and made significant improvements to increase the usability and productivity of the MP. These changes are detailed below.

Discoveries: We added new discoveries to support all of Forefront TMG’s new features. TMG discoveries detect the activated features across arrays and constantly monitor your configuration to detect changes. For example, if the administrator joins a new server to the array it will be detected automatically and displayed, or if the administrator activates a new feature (like HTTPSi) it will be automatically monitored.

Visibility: To increase the visibility of your topologies, we extended our topology coverage to add automatically generated array/enterprise topology views. This simplifies your ability to understand which components (roles) are enabled and how Forefront TMG is deployed in your organization from a single, simple node deployment up to complex, multi-node deployments.


Topology View
(Two arrays are displayed – “HTTPSi” and “SWG”)

The image above provides a clear view of a typical enterprise deployment including an EMS server (named StageEMS1), two arrays (named “HTTPSi” and “SWG”), each of the arrays has a firewall connected to it (StageTMG1 and StageTMG2 respectively). The red X marks show there are problems in the servers and the administrator can drill down and see the relevant detected components and figure out which one is failing.

The image below shows the detected components in one of the servers (Malware inspection, NIS, HTTPS Inspection, URL filtering and VPN). All components are working as expected and no events were detected up to now. The admin can expand the critical events to see which components have critical events:


Installed Roles View
(The following roles are installed: Malware inspection, NIS, Publishing (HTTPSi), URL Filtering, VPN)

Events: To make sure our customers get the most accurate notifications with a minimal level of false alarms, we’ve remodeled the MP and made sure we have more granular discoveries that match each of the relevant components (features) exposed through Forefront TMG. Each component has a discovered state and by creating aggregated events we are passing them along to the enterprise level so that the admin can easily understand the current status and follow the failure path - both in the topology view and/or through the list of installed components.

Performance Counters: In addition to the new events, we’ve added a new set of performance counters off the shelf to support additional monitoring. They are not enabled out-of-the-box to save bandwidth and assure faster response. These can be accessed through the performance node.

Compatibility: The new MP is compatible both with Microsoft System Center Operations Manager 2007 and Microsoft System Center Operations Manager 2007 R2, but we recommend that you use the Microsoft System Center Operations Manager 2007 R2 for better performance and easier customization.

This is the most usable, powerful and feature rich management pack produced for Forefront TMG 2010. You are welcome to download it to try it out.

Author: Noam Ilovich, Program Manager, Microsoft Forefront TMG

Reviewers: Nathan Bigman, Vladimir Holostov, Alon Yardeni