Life in a Post TMG World – Is It As Scary As You Think?

This article totally makes sense, if it was published three or five years ago. In reality Microsoft recommended a reverse proxy even after the EOL announcement of TMG and did so consistently in every document and guideline. The same author telling us here why we don't need TMG anymore wrote several articles and whitepapers on how to deploy TMG and UAG with recent versions of Exchange.

http://blogs.technet.com/b/exchange/archive/2012/11/21/publishing-exchange-server-2013-using-tmg.aspx

http://blogs.technet.com/b/exchange/archive/2010/07/16/3410408.aspx

I have great respect for the author, but not for the message the team is giving here. First of all, this is the first proper response since September 2012. Why on earth took that so long, knowing almost every Exchange deployment uses TMG as reverse proxy? Many people asked for guidance in the forums and there was no clear answer. This leads me to believe that the team saw itself forced to tell us we don't need TMG anymore because the product was pulled.

Also I would not recommend anybody to use TMG in a new Exchange design, knowing that support ends in a short time. UAG makes no sense either, it's not very likely that we see a version compatible with Server 2012 or Server 2012 R2. That leaves WAP in Server 2012 R2, obviously this is where the missing features from TMG and UAG seem to reappear. It is a complete mystery to me why Microsoft decided to pull TMG almost 18 months before a (kind of) replacement appears in the form of Server 2012 R2 WAP.

And a final point. Many companies have the requirement to terminate unauthenticated traffic in a perimeter network. It's not up to me as the Exchange consultant to convince them why their security policy is outdated, it's up to me to design a solution meeting their needs. And this has become a lot more difficult in the post TMG era, no TechNet blog is gonna fix that.