In this article I will show you how to install and use the Forefront TMG Best Practice Analyzer (TMGBPA). You can use TMGBPA to analyze your Forefront TMG environment for security holes, performance problems and configuration mismatches. The Best Practices Analyzer (BPA) Tool is designed for administrators who want to determine the overall health of their Forefront TMG computers and to diagnose current problems.
Let us begin
TMGBPA scans the configuration settings of the local Forefront TMG computer and reports issues that do not conform to the recommended best practices. TMG BPA uses some different technologies to get information about the TMG computer. TMG BAP uses COM objects to find information, Windows Management Instrumentation (WMI) classes, the system registry, files on disk, and the Domain Name System (DNS) settings to collect all necessary information about the Forefront TMG computer.
The resulting report details critical configuration issues, potential problems, and information about the local computer. TMG uses an integrated Windows help (chm file) or external website links for additional information on how to solve problems found in your TMG configuration.
TMG BPA comes with two tools:
TMG Data Packager
TMG Data Packager
TMG Data Packager creates a single .cab file containing Forefront TMG diagnostic information that can be easily sent to Microsoft Product Support Services for analysis.
BPA2Visio generates a Microsoft Office Visio diagram of your network topology as seen from a Forefront TMG computer or any Windows computer based on output from Forefront TMG BPA. Visio 2003, 2007, or 2010 must be installed in order to run BPA2Visio, so it is not recommended using BPA2Visio on the Forefront TMG computer, because you had to install Visio on the Firewall. A better practice is to install the Forefront TMG BPA on a machine with Visio installed. It is possible to use saved TMG BPA scan results for BPA2Visio.
The System requirements for running TMG BPA are moderate:
Supported Operating Systems:
Windows Server 2008
Windows Server 2008 R2
Microsoft .NET Framework 2.0 or higher
Forefront TMG Medium Business Edition (MBE)
Forefront TMG 2010
For BPA2Visio: Microsoft Office Visio 2003; Microsoft Office Visio 2007; Microsoft Office Visio 2010
First we need to download the Forefront TMG Best Practice Analyzer (TMGBPA) from the following website. After downloading, you can install the TMGBPA tool following the instructions of the wizard.
Figure 1: Installation of the Forefront TMG Best Practice Analyzer Tool
Read, understand and accept the License Agreement
Figure 2: Forefront TMG Best Practice Analyzer Tool automatic update option
If you want to participate in the CEIP – Customer Experience Improvement Plan click the appropriate option. You can change this setting later.
Figure 3: Forefront TMG Best Practice Analyzer Tool - CEIP
Click Install to start the TMG BPA installation process. The installation takes some time, depending on the speed and load of your TMG machine. After the installation of the TMG BPA has finished, start the Forefront TMG Best Practice Analyzer tool.
Figure 4: Installation of the Forefront TMG Best Practice Analyzer Tool has finished
On first startup, TMG BPA is checking for the most current version on the Internet
Figure 5: TMG BPA checking for updates
Create a First Scan
After checking for TMG BPA updates, it is time to create a first TMG BPA scan. Select options for a new scan.
Figure 6: TMG BPA – Select options for a new scan
Start a scan and select the scan option. Enter the scan label to identify the scan job later, and enter the Scan type.
Figure 7: Enter scan label, and scan type
The scan process can take some time, but the estimated time remaining will give you helpful information how long the process takes to complete.
Figure 8: TMG BPA starts scanning the TMG configuration
It takes some time…
Figure 9: TMG BPA scanning in progress
Scanning completed. Click view a report of the Best Practices Scan.
Figure 10: TMG BPA scan completed
It takes some time to display all issues. The issues are sorted from Critical to informational items.
Figure 11: TMG BPA scan results
If you want to have more information about the found issue, click the issue to find more information how to resolve the found problem. Forefront TMG BPA uses a Built In help file with TMG BPA information.
Figure 12: TMG BPA – getting additional information
It is also possible to schedule a BPA scan if you want to create TMG health reports over a specific time. Scheduling TMG BPA reports is always helpful if you often change the Forefront TMG configuration.
Figure 13: Schedule a TMG BPA scan
You can view the TMG BPA help file without executing the TMG BPA tool. You can find the TMG BPA help file (.CHM file) in the installation directory of Forefront TMG BPA. The TMG BPA help is really helpful to get additional information about all Forefront TMG issues.
Figure 14: TMG BPA integrated help
It is also possible to configure Forefront TMG BPA update checking, and Customer Experience improvement Program settings.
Figure 15: Configuring Updates and customer Feedback
TMG BPA has the option to open saved BPA reports for later reviewing. Click Import scan to open a saved report.
Figure 16: Importing TMG BPA scan reports
To determine the version of the TMG BPA version, click About the Forefront TMG Best Practice Analyzer. The version used for this article is 2.5.7970.100.
Figure 17: TMG BPA version information
In this article, I gave you an overview of the Microsoft Forefront TMG Best Practice Analyzer. TMGBPA is great tool for Administrators and TMG consultants to analyze their TMG Server computers for potential problems. TMG BPA has also some basic documentation capabilities in form of saved TMG BPA reports and the BPA2Visio component.