I was sad to see, like many of you, that the changes announced to our Forefront product roadmap on September 12th here included the sunset of one of my favorite security products from Microsoft, Forefront Threat Management Gateway (TMG), formerly ISA server. This product had a strong history in the SMB space due to its inclusion in several of the versions of Small Business Server over the years. This has been made pretty clear in MANY blogs by now, but I have included a brief list of affected products below in addition to TMG.
We are discontinuing any further releases of the following Forefront-branded solutions:
- Forefront Protection 2010 for Exchange Server (FPE)
- Forefront Protection 2010 for SharePoint (FPSP)
- Forefront Security for Office Communications Server (FSOCS)
- Forefront Threat Management Gateway 2010 (TMG)
- Forefront Threat Management Gateway Web Protection Services (TMG WPS)
The Blog post goes on to detail the way in which these products will be supported in the future, adhering to our typical product support lifecycle.
I was amazed by how much this seemed to surprise people based on the fact there has been rumblings of this move for 16 months. See Mary Jo Foley’s post “Did Microsoft just pull the plug on its secure Web gateway product?” from June 1, 2011.
Nothing I have mentioned is new to this point, so why am I bringing this up when it is three week old news? Well, for two reasons.
1.) No one to my knowledge has mentioned there is a comprehensive Partner FAQ.
The Forefront Product Roadmap Changes Partner FAQ discusses many aspects of the roadmap changes including:
- Licensing availability (and implications) of the products to be discontinued
- You can continue to purchase licenses for the discontinued Forefront products through Nov. 30, 2012. As of Dec. 1, 2012, these products will be removed from the price list).
- Alternative solutions are mentioned.
There are mini FAQs within the 6 page document on each Forefront product affected. A good read.
2.) There seems to be a certain amount of anxiety over what (other) solutions are affected with certain partners I have chatted with in the last few weeks.
While at partner events in several areas of the country these last few weeks I have been asked about these changes and if they impact technology or solution “X”. The roadmap statements are clear. The Partner FAQ explicitly states there is no change to the UAG roadmap. Forefront UAG 2010 SP2 was released in August 2012, and there is no change to the FIM roadmap. FIM 2010 R2 and the Microsoft BHOLD Suite were released in June 2012.
Perhaps the confusion is an indictment of the brand clarity of Forefront or just the simple matter Microsoft has a lot of solutions across multiple brands like Forefront, Windows, System Center, etc. that relate to security in some way. I cannot be sure. …One partner asked me on Thursday if the changes to the Forefront lineup would mean Network Access Protection (NAP) was being discontinued! I put his fears to rest as NAP is a component of Windows Server 2012 and can certainly still be deployed leveraging the Network Policy and Access Services role, more specifically the Network Policy Server (NPS) role service. The comment I would make here is we tend to highlight the new or greatly enhanced capabilities in new product releases (ex. Direct Access) which can sometimes drown out highly useful standby technologies like NAP.
I think the most important thing to derive from the announcements is that we are making these changes for a good reason. Here is what we stated out of the gate:
Microsoft has evolved its approach to security for core workloads in response to customer demand, continued increases in security threats, and feedback about Microsoft products and services. We have made an effort to better align our protection assets with the workloads they protect. The changes to the Forefront roadmaps are a result of these efforts.
I hope the FAQ is useful to you.