Below you will see several typical cases of how the application may function and the optimal configuration variants from our point of view.
Scenario 1
Reference conditions:
All computers and devices are connected to a single network
The Internet access is provided through Microsoft ISA Server/Forefront TMG
Task:
Implement traffic controlling system
Solution:
This task can be solved in several ways. We offer a variant, where all system components will be deployed on the Microsoft ISA Server/Forefront TMG computer. In this case the data will be logged to the database located on the same machine the Microsoft ISA Server/Forefront TMG installed on. To manage the program and view stats data you simply establish remote connection to the server from any computer on the network using the Remote Desktop feature or any other remote management capabilities.
This scenario is the most simple to realize, but it is also the least convenient to use. The thing is that if the physical access to the server with the program installed is hampered, and the third party products for remote desktop management are unavailable, it is impossible to manage this program.
Besides managing the program can also be complicated due to the limitation of the remote desktop management features.
In case you have constant physical access to the computer with Microsoft ISA Server/Forefront TMG installed this scenario is the most effective.
168
Scenario 2
Reference conditions:
Dedicated database server
All computers and devices are connected to a single network
The Internet access is provided through Microsoft ISA Server/Forefront TMG
Task:
Implement traffic controlling system
Solution:
To implement this task we offer a variant with the installation of Data Center on a dedicated machine. In this case you only need to install the Agent and management console on the Microsoft ISA Server/Forefront TMG computer. Data Center should be installed on the dedicated database server machine. As a result program management and statistic viewing tasks will be performed the same way that was described in previous scenario, but all information about traffic will be stored on the dedicated server.
With the help of this scenario you can spare disk space of the Microsoft ISA Server/Forefront TMG computer significantly due to the fact that database will now be stored on the remote computer. Besides the workload produced by log generation process will not affect the performance of Microsoft ISA Server/Forefront TMG.
169
Scenario 3
Reference conditions:
Dedicated database server
All computers and devices are connected to a single network
The Internet access is provided through Microsoft ISA Server/Forefront TMG
Task:
Implement traffic controlling system
Solution:
The most interesting is the scenario, where all system components run on separate machines. In the case you will only need to install the program Agent on the Microsoft ISA Server/Forefront TMG computer. Data Center can be installed on the remote computer.
Management console can be installed on the administrator’s desktop. To successfully install Management Console of the program on the admin’s computer it should have Microsoft ISA Server/Forefront TMG management console installed on it. Program management and log generation can be performed directly from the admin’s computer using management console. You should specify Data Center address in the Agent settings that will be used for data storage (Refer the product documentation for more details).
170
Scenario 4
Reference Conditions:
Dedicated database server
All computers and devices are connected to a single network
The Internet access is provided through Microsoft ISA Server/Forefront TMG
Two or more Microsoft ISA Server/Forefront TMG servers are combined into the array
Task:
Implement traffic controlling system
Solution:
To implement traffic controlling system on the basis of several Microsoft ISA Server/Forefront TMG servers combined into an array you will have to install program Agents on all array member computers. Data Center can be installed on the dedicated database server.
In this case the admin’s computer should have Microsoft ISA Server/Forefront TMG management console and SurfCop management console installed on it. To manage the program and view statistics the administrator can connect to the configuration storage server of the Microsoft ISA Server/Forefront TMG array using management console.
172
Scenario 5
Reference Conditions:
Two or more dedicated database servers
All machines and devices are connected to a single network
The Internet access is provided through Microsoft ISA Server/Forefront TMG
Four or more Microsoft ISA Server/Forefront TMG servers are combined into two or more arrays
Task:
Implement traffic controlling system
Solution:
In case you organization has several Microsoft ISA Server/Forefront TMG arrays one of the possible solutions is to use two or more Data Centers.
In this case each array will be connected to its own Data Center.
Admin’s computer should have Microsoft ISA Server/Forefront TMG management console and SurfCop management console installed on it. To manage the program and view statistics the administrator can connect to the configuration storage server of Microsoft ISA Server/Forefront TMG array using management console. In the program settings you will have to specify the address of Data Centers, where the gathered data will be stored for each array.
It is recommended to use a separate Data Center for each Microsoft ISA Server/Forefront TMG array. This will allow you to evenly distribute the load among Data Centers as well as separate the statistics within the context of each array.
174
Scenario 6
Reference Conditions:
Dedicated database server
All machines and devices are connected to a single network
The Internet access is provided through Microsoft ISA Server/Forefront TMG
Four or more Microsoft ISA Server/Forefront TMG servers are combined into two or more arrays
Task:
Implement traffic controlling system
Solution:
To implement this scenario you can use one Data Center.
In this case admin’s computer should have the Microsoft ISA Server/Forefront TMG management console and SurfCop management console installed on it. To manage the program and view statistics the administrator can connect to the configuration storage server of Microsoft ISA Server/Forefront TMG array using management console. You should specify the address of the same Data Center for both arrays in the program settings (Refer the product documentation for more details).
176
Scenario 7
Reference conditions:
All machines and devices are connected to a single network
The Internet access is provided through Microsoft ISA Server/Forefront TMG
Task:
Implement traffic monitoring system
Solution:
SurfCop can be configured to work in monitoring mode and traffic counting (without control). If you plan to use the program only for monitoring purposes you should disable or remove all web access and quota rules in SurfCop. Moreover you should disable global web access policies.
In this case the Data Center component can be installed either on a local computer or on a remote machine. For more convenient log generation and statistics viewing you can install the program management console on the administrator’s desktop.
If you plan to use the program for tracing the large volumes of traffic you are recommended to use enterprise database as the storage for data (for instance MS SQL or Oracle).
177
Scenario 8
Reference conditions:
All machines and devices are connected to a single network
The Internet access is provided through Microsoft ISA Server/Forefront TMG
Task:
Implement traffic quota system
Solution:
SurfCop can be configured to work in the traffic quota mode. To use SurfCop only as a traffic quota mechanism you should create respective quota rules in the Quota Rules section.
Rules can be configured either for allocating quota for traffic or time spent by the users on the Internet. If nothing but quota functionalities is required web access rules can be disabled or removed. You can also disable global web access policies.
To save the resources of quota server the stats collecting module can also be disabled. To do this you simply need to check the «Disable activity logging» checkbox located in the global settings of the program. Once you have done it the logs will become unavailable (Refer the product documentation for more details).