One of the issues with the "cloud" world is most apps are hosted using SSL for security. This means your URL is their URL. For instance, Microsoft Online (BPOS) will use https://red001.mail.microsoftonline.com for OWA for North America. If you just add a CNAME entry in DNS, that will redirect traffic but you'll get an SSL error since the names don't match. For instance, redirecting .com">.com">https://owa.<yourdomain>.com to https://red001.mail.microsoftonline.com will sort of work but with the SSL error so it's ugly.
In the past I'd setup IIS pages that would just redirect http traffic to the https URL I wanted but that's a pain to setup each time. With TMG 2010 (and really ISA 2006 also I believe), you can just deny that traffic and then redirect it to any URL you'd like. Here's the steps to redirect in TMG 2010.
Here’s a screen shot of how I redirect OWA to BPOS.
Now when you browse to http://<initialURL> that traffic will be redirected to https://<targetURL>. That'll at least give your users an easy initial URL to remember. It won't hide that target URL which can be a shame in certain scenarios. If the site just users HTTP, then CNAME records work great for that but as I mentioned before that'll give ugly verification errors for HTTPS.