Configuring Forefront TMG 2010 as a Web Caching Server
One of the primary reasons for deploying ISA /TMG Server is as a Web proxy server features. Forefront TMG 2010 web caching (proxy) features to provide the fastest client response and saved the existing Internet bandwidth more efficiently. Apart from this, TMG 2010 reduces server workload by serving the web request for published web content from the cache without additional requests to the published server. TMG 2010 caching stores a copy of requested web content in the server memory and on the hard disk. So I recommend to use more memory in TMG Server for better caching performance.
TMG Server caching scenarios include:
- Forward cache —- Outside Web Servers
- Reverse cache —– Inside Web Servers
By default, web caching is not enabled on the TMG Server. Instead, it must be turned on to enable the TMG Server to provide for web caching features.
Perform the following steps to Enable Web Caching in Forefront TMG 2010:
1. In the Forefront TMG Management console, in the tree, click Web Access Policy.
2. In the right pane, click Configure Web Caching.
3. In the Cache Settings dialog box, click the Cache Drive Tab, select the server entry (KTM-TMGSRV) and click Configure button.
4. In the Define Cache Drives dialog box, select one of the drives listed in the list box. In Maximum cache size, type the amount of space on the selected drive to allocate for caching. Click Set to configure the cache drive. Click Apply, Click Apply and then Click OK.
Note: A cache can only be enabled on a disk drive using the NTFS file system.
Change the Default Cache Settings:
We have to modify the default cache setting to meet our organization’s requirements.
1. In the Cache Settings dialog box, click Advanced Tab; remove the check mark on Cache objects even if they do not have an HTTP status code of 200 to prevent from negative caching. Then increase the percentage value in Percentage of free memory to use for caching, if the TMG Server has more memory. The default is 10 percentages. Then click Apply.
Configuring Cache Rules:
After caching has been enabled on TMG Server, we should add some rules to configure cache rule to override the default cache rule to meet organization’s requirements. By default, Microsoft Update Cache and Default Rule for caching exist on the server.
Perform the following steps to create a cache rule:
1. In the Cache Settings dialog box, click on the Cache Rules tab, click New. This will display the New Cache Rule Wizard, type Web Cache in Cache rule name and then click Next.
2. On Cache Rule Destination page, click Add button, expand Network, then select External, click Add button and then close button. Then Click Next.
3. On the Content Retrieval page, accept the default setting, Only if a valid version of the object exists in the cache. If no valid version exists, route the request to the server and then click Next.
4. On the Cache Content page, accept the default setting, if source and request headers indicate to cache, In addition, also cache: select Dynamic content and then click Next.
5. On the Cache Advanced Configuration page, uncheck Cache SSL responses for security purposes since SSL content may be sensitive even outgoing SSL requests to the Internet cannot be cached. This setting Cache SSL response applies to SSL bridged traffic only. Then click Next.
6. On the HTTP Caching page, accept the default settings and then click Next.
7. On the FTP Caching page, click Next.
8. On the Completing the New Cache Rule Wizard page, reviewed the settings and then click Finish.
Configuring Cache Bypass Rule:
For the security purposes, we have bypassed the online banking web sites from caching and some web sites are not working when we have enabled in cache. So this is very important when configuring cache rule. Perform the following steps to create a cache bypass rule.
1. On the Cache Rules tab, click New button
2. On the New Cache Rule Wizard, type Bypass Web Cache in Cache rule name and then click Next.
3. On the Cache Rule Destination page, click Add button, click New under Network entities and then click Domain Name Set.
4. In the New Domain Name Set Policy Element dialog box, type Bypass Web Cache Domain Sets in the Name box, click Add button and then type the domain names and click OK.
5. In Add Network Entities dialog box, expand Domain Name Sets and select Bypass Web Cache Domain Sets just we have created, then click Add button, click close.
6. On the Cache Rule Destination page, verify the Bypass Web Cache Domain Sets and click Next.
7. On the Content Retrieval page, click Next.
8. On the Cache Content page, select Never, no content will ever be cached and click Next.
9. On the Completing the New Cache Rule Wizard page, review the configured settings and then click Finish.
10. In the Cache Settings dialog box, click Apply, click OK and then click Apply. Click on Save the changes and restart the services and then click OK, click Apply and click OK saving configuration changes.
Here, I am skipping configuring Content Download Job in Cache Settings. Organizations rarely use this setting. For this configuration, please follow the book by DR. TOM SHINDER’S Configuring ISA SERVER 2004.
Cache Performance Report:
ISA/ TMG Servers are Firewall and Proxy solution from Microsoft. Organizations use web caching servers in TMG because of easy configuration, better performance and easy integration with Active Directory Network Infrastructure. Apart from this, we can use TMG 2010 Server as both forward and reverse proxy in a single box. The above article outlines how to configure Forefront TMG 2010 as a Web Caching Server. I hope this helps.