Redundancy and Automated failover using Forefront TMG 2010 Standard between Production-DR site

Tags: isa-server, microsoft-forefront-2010, microsoft-ftmg, microsoft-ftmg-2010

I'm using MS TMG 2010 Standard as my single firewall to publish my Exchange Server and IIS website to the internet. However, it is just one VM in the DMZ network with just one network card (vNIC). What sort of redundancy method is suitable for making this firewall VM redundant / automatically fail over to my DR site?

Because it is very important that, in the event of disaster recovery, all important email through various mobile devices will still operate, and that is impossible if this TMG 2010 VM is offline.

Is it by using:
1. Multicast NLB
2. Any other clustering
3. VMware HA / FT (one VM in production, the other VM in DR site with different subnet ?)

Any suggestion and idea will be appreciated.

Thanks

Best Answer

NLB relies on nodes being on the same broadcast plane as each other, so doesn't usually work well in geographically distributed cluster scenarios (that, and it often costs you a lot in bandwidth broadcasting all incoming traffic across a WAN, only for it to be dropped over there).

Other clustering - perhaps, depending on what you have in mind. TMG doesn't lend itself to clustering except with its integrated NLB, so it'll have to be above (or below) the TMG level.

Having another VM ready to go in the DR site, and using DNS to direct traffic to the current live node for internet clients, is probably the best solution. You could install this as another TMG Array member if it's used exclusively for publishing, and not enable NLB; that keeps the configuration consistent between the nodes, and allows for externally-driven failover.
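The externally-driven failover described in the answer, as an added example that is not part of the original thread: a probe loop outside TMG checks the published HTTPS listener on each site, switches the public DNS name to the DR node only after several consecutive failures (to avoid flapping), and never fails back on its own. The IP addresses, the ActiveSync probe path and the dnscmd commands are assumptions for illustration; the public record should be published with a short TTL so clients pick up the change.

```python
import socket
import ssl
from dataclasses import dataclass

# Placeholder addresses (constructed for this example, not from the thread).
PROD_IP = "203.0.113.10"   # TMG in the production DMZ
DR_IP = "198.51.100.10"    # TMG array member in the DR site
PROBE_PATH = "/Microsoft-Server-ActiveSync"  # published virtual directory to probe
FAIL_THRESHOLD = 3         # consecutive failed probes before failing over


def probe_https(ip, host, path=PROBE_PATH, timeout=5.0):
    """True if the TMG listener at `ip` answers an HTTPS request for `host`.
    Any HTTP status counts as alive (ActiveSync answers 401 to anonymous HEAD);
    only TCP/TLS failures or a non-HTTP reply count as down."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((ip, 443), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                req = f"HEAD {path} HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n"
                tls.sendall(req.encode())
                return tls.recv(12).startswith(b"HTTP/1.")
    except (OSError, ssl.SSLError):
        return False


@dataclass
class FailoverState:
    """Tracks which node the public DNS record currently points to."""
    active: str = PROD_IP
    consecutive_failures: int = 0

    def update(self, prod_up, dr_up):
        """Feed one probe round; return (active_ip, changed).
        Fails over only when the active node has been down FAIL_THRESHOLD
        rounds in a row AND the standby is up. Deliberately sticky: coming
        back from DR is a manual decision, not automatic flapping."""
        standby = DR_IP if self.active == PROD_IP else PROD_IP
        active_up, standby_up = (prod_up, dr_up) if self.active == PROD_IP else (dr_up, prod_up)
        if active_up:
            self.consecutive_failures = 0
            return self.active, False
        self.consecutive_failures += 1
        if self.consecutive_failures >= FAIL_THRESHOLD and standby_up:
            self.active, self.consecutive_failures = standby, 0
            return self.active, True
        return self.active, False


def dns_update_commands(zone, name, old_ip, new_ip, server="."):
    """Build the dnscmd.exe calls (Windows DNS; assumed syntax) that repoint the
    public A record. Run them from the probe host against the authoritative server."""
    return [f"dnscmd {server} /RecordDelete {zone} {name} A {old_ip} /f",
            f"dnscmd {server} /RecordAdd {zone} {name} 300 A {new_ip}"]
```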
