News

Microsoft To Update Forefront TMG and UAG for Exchange 2013

• By Kurt Mackie
• November 27, 2012

To help with publishing Exchange 2013, Microsoft is planning update releases for its Forefront Threat Management Gateway (TMG) and Unified Access Gateway (UAG) products.

Currently, it's not practical to use UAG to publish Exchange 2013, according to this Exchange team blog post by Greg Taylor, a principal program manager for the Exchange customer experience. Doing so requires that some of UAG's security features be disabled, he noted. The issue is tied to Microsoft's Outlook Web Apps (OWAs), which were rewritten to work with Exchange 2013, causing confusion for UAG. Taylor advises UAG users to just wait for the forthcoming update, which will add support for Exchange 2013.

It's not clear when those UAG and TMG updates will be available. While Microsoft is planning a "general availability" release of Exchange 2013 in the first quarter of next year, the product was made available earlier this month to Microsoft's volume licensing customers, as well as its TechNet and MSDN subscribers. So those early adopters may be all ready to go with Exchange 2013, but they'll face a bit of a snag with enabling remote e-mail access.

Exchange 2013 presently lacks its own publishing wizard and UAG can't be used. TMG can be used to publish Exchange 2013, but it involves making a few new settings changes compared with publishing Exchange 2010. The details on how to configure TMG to publish Exchange 2013 are described by Taylor in the blog post. For instance, the logoff parameter has changed and the delegation priorities for Outlook Web App authentication need to be modified.

Update for a Dying Product
Updating TMG to publish Exchange 2013 or tweaking it with a workaround may seem a bit odd as Microsoft plans to end the sales of its Forefront Threat Management Gateway 2010 products on Dec. 1, 2012, along with four other Forefront enterprise security products. In contrast, Microsoft plans to continue sales of its Forefront Unified Access Gateway 2010 SP2 and Forefront Identity Manager 2010 R2 products. TMG may not be a widely used product, but organizations may have it because it sometimes comes with licensing agreements, according to Rick Holland, a senior analyst at Forrester Research.

TMG 2010 will last almost eight more years, with extended support for the product ending on April 14, 2020. Still, UAG, a product that Microsoft will continue to sell, has some drawbacks as a replacement for TMG, according to Microsoft Exchange MVP Tony Redmond.

"It might be natural to suppose that Microsoft's Unified Access Gateway (UAG) might replace TMG, but that's not really the case," Redmond wrote in a September blog post. "First, UAG is more expensive than TMG. Depending on Microsoft pricing in the country where you reside, UAG might be twice as expensive as TMG, so the sheer cost of a transition will be painful. Second, TMG works with some Microsoft products to cover common scenarios very well. Exchange is one of these applications, and there are some functionality gaps that UAG will have to cover before it can be considered to be an adequate replacement. For example, two-factor authentication for ActiveSync devices or certificate-based authentication for OWA."

Redmond notes that some third-party vendors, such as Kemp with its LoadMaster product, are already stepping up to the plate to address Microsoft's TMG product fadeout. Another vendor that has promised to take up the slack is F5 Networks.

Exchange 2013 Perks
IT pros may have good reasons to want to publish Exchange 2013 and use OWA for remote e-mail connections. One of the more interesting reasons is offline access to OWA 2013 e-mail, contacts and calendars. This feature works with Internet Explorer 10, Google Chrome and Apple Safari 5 or greater browsers. E-mail is supported in offline folders, with users getting access to "three days of content or 150 items, whichever is greater," according to Microsoft's blog explanation.

Exchange 2013 also supports larger mailboxes and comes with basic anti-malware protection, along with automatic traffic-surge protection and other management improvements.