Monday, 10 March 2014

MICROSOFT FOREFRONT TMG - BEST PRACTICE ANALYZER

TMGBPA - THREAT MANAGEMENT GATEWAY BEST PRACTICE ANALYZER

INTRODUCTION:
You can use TMGBPA to analyze your Forefront TMG environment for security holes, performance problems and configuration mismatches. The Best Practices Analyzer (BPA) Tool is designed for administrators who want to determine the overall health of their Forefront TMG computers and to diagnose current problems.

TMGBPA scans the configuration settings of the local Forefront TMG computer and reports issues that do not conform to the recommended best practices. TMG BPA uses some different technologies to get information about the TMG computer. TMG BAP uses COM objects to find information, Windows Management Instrumentation (WMI) classes, the system registry, files on disk, and the Domain Name System (DNS) settings to collect all necessary information about the Forefront TMG computer.

The resulting report details critical configuration issues, potential problems, and information about the local computer. TMG uses an integrated Windows help (chm file) or external website links for additional information on how to solve problems found in your TMG configuration.

TMG BPA comes with two tools:
  • TMG Data Packager
  • BPA2Visio

TMG Data Packager
TMG Data Packager creates a single .cab file containing Forefront TMG diagnostic information that can be easily sent to Microsoft Product Support Services for analysis.

BPA2Visio
BPA2Visio generates a Microsoft Office Visio diagram of your network topology as seen from a Forefront TMG computer or any Windows computer based on output from Forefront TMG BPA. Visio 2003, 2007, or 2010 must be installed in order to run BPA2Visio, so it is not recommended using BPA2Visio on the Forefront TMG computer, because you had to install Visio on the Firewall. A better practice is to install the Forefront TMG BPA on a machine with Visio installed. It is possible to use saved TMG BPA scan results for BPA2Visio.

System Requirements
The System requirements for running TMG BPA are moderate:

Supported Operating Systems:
Windows Server 2008

Windows Server 2008 R2

Windows Vista

Windows 7

Microsoft .NET Framework 2.0 or higher

TMG
Forefront TMG Medium Business Edition (MBE)

Forefront TMG 2010

BPA2Visio
For BPA2Visio: Microsoft Office Visio 2003; Microsoft Office Visio 2007; Microsoft Office Visio 2010

Download the Forefront TMG Best Practice Analyzer (TMGBPA) from the following website. 

After downloading, you can install the TMGBPA tool following the instructions of the wizard. Press Next >


















Read, understand and accept the License Agreement. Select Yes and Press Next >


















If you want to participate in the CEIP – Customer Experience Improvement Plan click the appropriate option. You can change this setting later. Press Next >


















Click Install to start the TMG BPA installation process. The installation takes some time, depending on the speed and load of your TMG machine. After the installation of the TMG BPA has finished, start the Forefront TMG Best Practice Analyzer tool. Press Finish


















On first startup, TMG BPA is checking for the most current version on the Internet















Create a First Scan
After checking for TMG BPA updates, it is time to create a first TMG BPA scan. Select options for a new scan.
















Start a scan and select the scan option. Enter the scan label to identify the scan job later, and enter the Scan type. Enter scan label, and scan type.



















The scan process can take some time, but the estimated time remaining will give you helpful information how long the process takes to complete.


















Scanning completed. Click view a report of the Best Practices Scan.



















It takes some time to display all issues. The issues are sorted from Critical to informational items.


























If you want to have more information about the found issue, click the issue to find more information how to resolve the found problem. Forefront TMG BPA uses a Built In help file with TMG BPA information.


























It is also possible to schedule a BPA scan if you want to create TMG health reports over a specific time. Scheduling TMG BPA reports is always helpful if you often change the Forefront TMG configuration.
















You can view the TMG BPA help file without executing the TMG BPA tool. You can find the TMG BPA help file (.CHM file) in the installation directory of Forefront TMG BPA. The TMG BPA help is really helpful to get additional information about all Forefront TMG issues.


























It is also possible to configure Forefront TMG BPA update checking, and Customer Experience improvement Program settings.





















TMG BPA has the option to open saved BPA reports for later reviewing. Click Import scan to open a saved report.


























TMGBPA is great tool for Administrators and TMG consultants to analyze their TMG Server computers for potential problems. TMG BPA has also some basic documentation capabilities in form of saved TMG BPA reports and the BPA2Visio component.

No comments:

Post a Comment