KEMP has built a large and loyal install base across a range of market segments, applications and geographies. These include a large number of customers who have deployed KEMP’s LoadMaster load balancers in conjunction with Microsoft workloads. As a part of the solution for Exchange, Lync or SharePoint a key component has historically been Microsoft’s Forefront Threat Management Gateway (TMG). One key feature of TMG was that it offered customers a way to publish and protect workload servers such as Exchange Client Access Servers especially in Internet Facing deployments where a clean separation between critical infrastructure and the public internet is essential.
Now that End Of Sale for TMG has arrived*, KEMP Technologies has extended the successful LoadMaster platform with a new security feature pack to build on the existing core technologies such as the Reverse Proxy function which has enabled successful joint deployments of TMG and LoadMaster in Internet Facing Microsoft applications.
Figure 1 – Showing existing TMG and LoadMaster deployments
INTRODUCING THE LOADMASTER EDGE SECURITY PACK
The KEMP Edge Security Pack (ESP) pack delivers a complete solution using the KEMP LoadMaster line of load balancers to customers who would have previously deployed TMG to publish their Microsoft applications.
Figure 2 – Application deployments simplified by LoadMaster with the ESP
The KEMP ESP will offer the following key features:
End Point Authentication for Pre-Auth
Clients who are trying to access virtual services on the LoadMaster will have to provide Authentication information which will be used by the ESP to validate the clients right to access the service. In the event of success the client is enabled to access the service and in the event of failure the client will be blocked until valid credentials are provided.
Persistent Logging and Reporting for User Logging
When clients try to access a service this will be logged on the LoadMaster as part of the ESP. This will allow monitoring by the administrator.
Single Sign On across Virtual Services
LoadMaster is designed to handle multiple virtual services supporting unique workloads. These virtual services can be joined together into Single Sign On groups. The ESP will enable clients to only enter the authentication information for the first virtual service and then this same information will be used to access other services in the Single Sign On group. Therefore a client accessing Exchange will also be able to access SharePoint and other workloads if they are configured in a Single Sign On group.
LDAP authentication from the LoadMaster to the Active Directory
Active Directory is the standard for the Authentication Provider for Microsoft workloads. LoadMaster will support the key connection types between LoadMaster and the Active Directory.
NTLM and Basic authentication communication from a Client to the LoadMaster
LoadMaster with ESP will support key authentication types -- Basic and NTLM -- between client and the LoadMaster providing clients with an optimum authentication experience.
Large and small businesses are deploying large numbers of Internet Facing applications to support ever expanding business requirements. This rapidly growing number of servers needs to be scalable and highly reliable. Above all, the access to these servers and services needs to be secure. With the addition of the ESP, the KEMP LoadMaster will continue to deliver on customer security requirements for internet facing applications in a world without Forefront TMG, while continuing to address requirements for feature-rich and cost-effective scalability and high reliability.
The Edge Security Pack (ESP) is available as an option in v7.0-41 ESP will be included at no extra charge with all compatible LoadMaster and Virtual LoadMaster systems until the end of August 2013.
For additional information on ESP and how to upgrade please contact KEMP.
1 – ESP is only supported on specific hardware models and new VLM installations.