Today, Microsoft finally announced the discontinuing of most of it’s ForeFront products, including the retirement of products used in many Exchange deployments, ForeFront Threat Management Gateway (TMG) 2010 and ForeFront Protection for Exchange (FPE).
The products to be discontinued are:
- ForeFront Threat Management Gateway (TMG), including Forefront TMG Web Protection Services (TMG WPS);
- ForeFront Protection for Exchange (FPE);
- ForeFront Protection for SharePoint (FPSP);
- ForeFront Security for OCS (FSOCS);
- ForeFront Protection Server Management Console (FPSMC).
This announcement is not a real surprise; rumors TMG would cease to exist circulated for months. Using this official statement companies can start adapting their strategies, when they have not already done so, when using one of the products mentioned. When companies were planning to use them in the (near) future, they need to turn to alternative solutions as well, since the these ForeFront offerings will no longer be available for purchase as of December 1st, 2012!
As it stands, mainstream support for TMG will end on April 14th, 2015; extended support for TMG will end on April 14th, 2020. Forefront Online Protection for Exchange (FOPE) will be rebranded as Exchange Online Protection.
First, the hygiene products. This is clearly a move these shift these layers of protection to “the cloud”, which has clear benefits like filtering incoming messages before they enter the organization which is also nice from a bandwidth perspective. However, that’s no solution for the many customers still requiring an on-premise solution which, for example, does store scanning; these customers are forced to tend to to 3rd parties, like McAfee or Symantec. Note that Exchange 2013 will contain basic anti-malware functionality, but I doubt this will meet any customer’s demands and certainly isn’t a very manageable solution.
Next, there’s the firewall, reverse proxy, load balancing and VPN functionality offered by TMG. Currently, many organizations use TMG to publish Exchange and as like many say and know, Exchange and TMG go very well together. For example, TMG can offer pre-authentication or SSL offloading for your Exchange boxes.These customers need to look into VPN like solutions like ForeFront UAG, which is a totally different concept and less straightforward than implementing a TMG in front of your Exchange boxes, or check for 3rd party solutions, like F5 BIG-IP with the Access Policy Manager add-on. Of course, your revised strategy and eligible solutions depend on your business requirements.
Roadmaps of ForeFront Identity Manager (FIM) and ForeFront Unified Access Gateway (UAG) remain unchanged, so publishing Exchange using UAG remains a future-proof possibility.