Installing a TMG Enterprise Management Server and Migrating and Existing Standalone Array: Part 1

This is my current scenario: there are two existing servers in a stand-alone array – TMG01 and TMG02, and over in a DR site there is a new server (TMG03) that is in the process of being built. To comply with DR, all 3 servers must have their configurations up to date, however there is no direct communication allowed between the two DMZs, so simply adding to the new server as an array member is not possible.

Fortunately, IPSec is allowed between each DMZ and the management DMZ so the plan is to configure IPSec between a new Enterprise Management Server in the Management DMZ (we”ll call it EMS01) and each of the three TMG servers.

[Read more…]