Here’s a quick video outlining some of the differences between TMGs Reporting, and what can be achieved using WebSpy Vantage. The video does not illustrate all the limitations outlined below, so please read on.

Whats is in the Forefront TMG report?

The default TMG report contains the following sections

• Summary
• Web Usage
• Application Usage
• Traffic and Utilization
• Security
• Malware Protection
• URL Filtering
• Network Inspection System

Each section contains overviews such as ‘Top users’ and ‘Top Sites’.

If your reporting requirements can be satisfied with these overviews – that’s great! Unfortunately, when you start thinking about what system administrators and other people in your organization actually need to make informed decisions, this report is quite limiting.

The 8 Limitations of Microsoft Forefront TMG’s Reporting

Here is what I consider to be the 8 main limitations of Microsoft Forefront TMG’s reporting functionality.

1. No Drilldowns

Want to see the sites that the top 5 users accessed? Want to see the users that downloaded the most traffic from youtube? These are fairly standard reporting requirements that simply cannot be achieved using the inbuilt TMG reporting.

WebSpy Vantage lets you either interactively drilldown into a user or site, or produce a regular report that includes further details about what your top users have actually been up to.

2. No Filtering

When you generate a report in TMG, you can only filter the report by a date range. There is no way to filter out anonymous (unauthenticated) traffic or exclude traffic coming from advertising servers (such as doubleclick and 2mdn.net) that tend to dominate most of the top 10 sites.

This can easily be achieved using WebSpy’s software. Check out my video on how to remove clutter from your web reports.

3. No Customization

Customization of each overview in the TMG report is limited to the number of items to show (e.g. top 5 or top 50 users), and the sort order (Incoming Bytes, Outgoing Bytes, Requests and Total Bytes).

What about the time a user spent browsing the web, or the number of users that visited a specific site? There is no way to add custom columns such as total browsing time, average session time, or number of users/sites/IPs to the report tables.

Or say you simply want to change your top users chart from a bar to pie to easily see the percentage used. Nope sorry!

If you do make one of the two available customizations in a TMG report, you then get the annoying Apply / Discard message to save changes to the configuration database.

All of these customizations can be achieved using WebSpy Vantage, and it doesn’t touch your TMG server to apply a change to a report.

4. Limited Report Distribution

When you generate a report, you get the option to email it to a specific email address. What if you would like to create a report for every department, and then email it to the managers of each department? Or better yet, host the report on a secure web server where department managers can log in and view their reports?

WebSpy Vantage Ultimate comes with a secure ‘Web Module’ specifically for this purpose and managers still receive a link to the report via email.

5. Cluttered ‘Top Sites’ List

The ‘Top sites’ list can become particularly cluttered due to the inclusion of sub-domains. I don’t want to mentally add up the size values from farm1.static.flickr.com, farm2.static.flickr.com, and farm3.static.flicr.com – I just want to know how much was downloaded from flickr.com.

This is compounded by the inability to exclude sites that are merely placing advertising banners on the actual sites users are visiting (as mentioned in the ‘No Filtering’ limitation above).

WebSpy Vantage breaks URLs down into separate components and lets you analyze each part separately. Look at the Site Domains summary to remove sub-domains and see only flickr.com. Or perhaps you want to see the keywords a user entered into search engines like Google? Or perhaps the top pages accessed within a website? No problem. Just include the Site Keywords or Site Resource summaries in your Vantage reports.

6. No Grouping or Aliasing

There is no way to group users into departments or locations, or IP addresses into subnets, or extensions such as .html, .pdf or .exe into file types. The ability to group and represent raw log data in more meaningful ways, as offered by WebSpy Vantage, can increase the value of a report tremendously.

7. No Productivity Assessment

One of the major features introduced in TMG since ISA Server 2006 is the included URL categorization technology.

Although the TMG report gives you an overview of the categories that have been visited, the report does not use this information to display a productivity assessment for your users.

WebSpy Vantage not only provides this assessment, but also the ability to customize the categories that are deemed productive as this can vary wildly depending on the industry and organization.

8. Not browser independent

This is a minor limitation that can be a major annoyance. The report that TMG produces is a HTML report that only displays correctly in Internet Explorer. As Forefront TMG is a Microsoft product, this is not exactly surprising, but still very annoying if IE is not your default browser.

How to get awesome reports from Forefront TMG

If you have had personal experience with any of the above limitations, you’ve probably been hunting for an alternative solution. I strongly recommend checking out the WebSpy Vantage range of products, and if you would like secure report distribution via the ‘Web Module’, Vantage Ultimate is what you are after.

If you agree or disagree with anything in this article, I encourage you to leave your thoughts in the comments.

Cheers!

Scott

Something of great importance is taking the users of the network you intend to monitor into consideration. Overly intrusive practices can easily create the negative perception that Big Brother is watching and make employees feel frustrated and uncomfortable. Effective Internet monitoring requires a two-pronged approach; intuitive monitoring software AND workforce education / consideration.

This time around I would like to expand on the best ways of monitoring your organizational Internet usage whilst maintaining a harmonious working environment between employers and employees.

1. Allow for a certain amount of personal / recreational usage

Prohibiting all personal use is usually both impractical and virtually impossible to enforce in most work environments. Allowing a certain amount of (monitored) online recreation can enhance many workplaces and ultimately make employees more productive. Recent research by Dr Brent Coker at the University of Melbourne shows that people who do surf the Internet for fun at work – within a reasonable limit of less than 20% of their total time in the office – are more productive by about 9% than those who don’t.

2. Allow for a certain amount unmonitored usage

Employee privacy is a recurring concern when monitoring Internet usage at work. Employees are working longer hours than they ever before and might need to be able to deal with urgent personal matters online, during work time. By specifying and ensuring, that there will be no monitoring during lunch hours (for example), your employees can trust that their privacy is important to you, and you know it won’t affect their productivity.

3. Establish Acceptable Internet Usage Policies

Establish policies around Internet usage and:

• Explain the business-related reasons behind monitoring
• Clearly state what is considered productive and unproductive activity
• If you allow a certain amount of personal use, and / or unmonitored use during certain hours of the day, ensure you outline the exact specifications of these privileges
• Clearly state what is absolutely prohibited, for example, sending or accessing discriminatory, harassing, defamatory, or pornographic material, downloading or distributing copyrighted material without permission etc
• Include consequences for policy violations

4. Use an honest and open monitoring approach

The effectiveness of Internet monitoring directly relates to employees’ awareness of the content of the policy and corresponding breach consequences. Once your crystal clear policies have been developed, ensure you actively distribute, publish and communicate them so employees understand exactly what is expected of them and the conditions of their working environment.

5. Allow employees to view their own Internet usage

This is one of the best recommendations we can give you. More often than not, employees tend to underestimate the time they spend browsing non-work related sites. Allowing employees to view, for example, their productive and non-productive activity can help foster and drive responsible Internet usage behaviour. Employees who understand the organizational costs of their personal unproductive activities are more likely to accept your monitoring activities and modify their own behaviour accordingly.

6. Monitor the whole organization (even managers)

If you ensure everyone knows the whole organization is being monitored, as opposed to individual users or departments, you will decrease the likelihood employees feeling singled out or treated unfairly. Employees feel affirmed if procedures are adopted to treat them with respect and dignity and the likelihood of Internet monitoring acceptance and effectiveness is increased.

7. Help employees sticking to the rules

If you have set a limit of, for example, no more than 10 hours of recreational surfing per month, then ensure you alert employees when they are approaching that limit. Again, this will give the employees another opportunity to modify their own behaviour before they actually violate your Acceptable Internet Usage Policy.

8. Distribute reports – distribute responsibility

Frequently IT managers and administrators are given the ultimate responsibility of managing, enforcing and communicating acceptable Internet usage for an entire organization. Take some of the pressure off the IT department and distribute organizational Internet activity reports to responsible managers or department heads. This will enable them to see how Internet usage affects the security and performance of their own department and distributes the responsibility of enforcing acceptable usage with the managers themselves.

9. Protect employee privacy

If distributing Internet usage reports across your organization it is important to protect employees’ personal data. Make sure you use monitoring software designed to protect privacy rights by only allowing authorized users to see the employee’s identity. For instance, Network Administrators may need to investigate all traffic going to a particular site but should not need to know the user names – in this case user names should be anonymous for them but available for HR.

10. Automation

Find a monitoring solution that easily lets you customize and automate the majority of these guidelines for you. Right here might be a good place to start looking…

What do you think of these tips? Please feel free to comment below and share Internet monitoring tips that have assisted you in creating a productive and balanced working environment.