Thursday, 13 September 2012

Initial Considerations for Migrating from Forefront TMG to Forefront UAG

Given the recent Microsoft announcement notifying customers that Forefront TMG is being discontinued, as discussed in my previous blog post, it is likely that many customers will consider migrating to Forefront UAG in order to provide publishing services that protect Microsoft server workloads like Exchange, SharePoint and Lync.

Therefore, given the recent news, I thought it might be useful to highlight a previous comparison of Forefront TMG and Forefront UAG to help identify some of the benefits of shifting solutions, but more importantly also highlight areas of Forefront TMG that cannot be satisfied by Forefront UAG at this time. The importance of the benefits and limitations is going to be very specific to individual needs, so a breakdown will undoubtedly be useful as part of the initial “What next?” thought process.

In my mind, one of the best comparisons was provided by Tom at the following location:

Choosing Between Forefront TMG or Forefront UAG for Publishing Scenarios

Please Note: It should be noted that this article was written in April 2011 and Forefront UAG is now at Service Pack 2 level, which introduced several improvements as discussed here. Therefore, these should also be considered.

I really wish I had written that article (but I didn't!) so the best I can do is highlight its existence and potential value as people consider their options in light of the recent announcement. It is factual, concise, easy to consume and therefore a great reference at this time.

UPDATE: If you are considering using Forefront UAG as a replacement for Forefront TMG, you should review in detail the supported scenarios discussed here and also specific considerations for Lync as highlighted here.

Unfortunately, for customers using Forefront TMG for caching, secure web gateway, and firewall scenarios, there is no Microsoft equivalent that can be migrated to at the end of this support period. No doubt it would be very useful if a similar comparison table could be created to compare Forefront TMG against other vendor solutions like Bluecoat, Cisco, Juniper, Fortinet and Websense. At this time, I’m not sure if that exists, unfortunately, so the “What next?” question is a little harder to answer if you use Forefront TMG in one of the above outbound scenarios. The original Microsoft mantra of Forefront TMG for outbound and Forefront UAG for inbound is sadly no longer viable.

Additional notable references for TMG vs. UAG include:


  1. UAG runs on top of TMG. Why move your sites to UAG when the underlying software is being done away with?

  2. Very good question. What will be the point of moving to UAG if TMG is being scrapped? Risky move. And maybe Microsoft will drop the UAG soon too probably. The whole thing doesn't smell good. Both the TMG and UAG are robust products.