PacktLib: Microsoft Forefront UAG 2010 Administrator's Handbook

Microsoft Forefront UAG 2010 Administrator's Handbook


About the Authors

About the Reviewers


Planning Your Deployment

Basic principles

How UAG works

Software requirements

Hardware requirements

Considerations for placing the server

Planning the networking infrastructure

Domain membership

Planning remote connectivity

Load balancing and high availability

Choosing clients

From test to production

Tips for a successful deployment


Installing UAG

What the installation contains

Preparing your server


Post installation issues


UAG Building Blocks

What are trunks and applications?

Types of trunks

Types of applications

What is URL signing and how does it work?

Designing your trunks, applications, and nesting

Some common applications and the appropriate templates

DNS name resolution

Preparing for an HTTPS trunk

Creating an HTTPS trunk

Publishing an HTTP trunk

What happens when you add a trunk?


Publishing Web Applications

The four steps to application publishing

Application specific hostname applications versus Portal hostname applications

The Add Application Wizard

Application order

Considerations for Exchange publishing

Considerations for SharePoint publishing

Sharepoint and IE security enhancements

What is the Active Directory Federation Services 2.0 application?

Certificate validation for published web servers

Did you remember to activate?


Advanced Applications and Services

Advanced application types

Remote connectivity

Configuring browser embedded applications

Configuring client/server applications

Local Drive Mapping

Remote Network Access

SSL Network Tunneling (Network Connector)


Remote Desktop applications

Remote Desktop RDG templates

Remote Desktop considerations

File Access


Authenticating and Controlling Access

UAG session and authentication concepts

Trunk level authentication settings

Authentication servers

Application level authentication settings

Application authorization settings

AD FS 2.0


Configuring UAG Clients

What are the client components?

Supported platforms

Installing and uninstalling the client components

Preemptive installation of the components

Checking the client components version

The trusted sites list

Don't need the Client components?


Endpoint Policies

What endpoint policies can do and how they work?

Endpoint policies access type

Platform specific policies

Assigning endpoint policies

Built-in policies

Choosing or designing the appropriate policies for your organization

Creating policies using the policy editor

Editing policies in script mode

Configuring upload and download settings

Configuring restricted zone settings

Certified Endpoints

Integration with Network Access Protection

How does NAP work?

Configuring UAG to use NAP


Server Maintenance and Upkeep

Who needs monitoring?

The UAG activation monitor

The UAG Web Monitor

Configuring UAG event logging

UAG services

UAG and the System Event Log

Publishing the UAG Web Monitor

Live Monitoring using TMG

The Windows Performance Monitor

Running a server trace

Updating the server with Windows Updates

Updating the server with UAG updates

Other updates

Antivirus on the server and other tools

Backing up UAG

Restoring UAG (to itself, and to other servers)


Advanced Configuration

Basic trunk configuration

Advanced configuration overview

The General tab

The Authentication tab

The Session tab

The Application Customization tab

The Portal tab

The URL Inspection tab

Global URL Settings and URL Set tabs

Rule editing and modification

NLB and Arrays

Adding load balancing into the mix

Putting it all together



What's in it for me?

A little bit of history

How does DirectAccess work?

IPSec and its tunnels

IPv6—what's the big deal?

Hardware considerations

Connecting your server to the Internet

The Network Location Server

More infrastructure considerations

Client connection modes

Setting up the IP-HTTPS public site

DirectAccess name resolution

ISATAP, DNS64, and NAT64

Tunneling mode

DirectAccess Connectivity Assistant

Putting it all together

Wizard Rime

Keeping an eye on the server





Administrative errors

Portal and Trunk issues

Application issues

Client issues

Customization issues

General errors

What's next?


Introduction to RegEx RegEx

Introduction to RegEx RegEx

Introduction to RegEx RegEx

Introduction to RegEx RegEx

Introduction to RegEx RegEx

Introduction to RegEx RegEx

Introduction to ASP

Introduction to ASP

Introduction to ASP

Introduction to ASP

Introduction to ASP

Introduction to ASP

Introduction to ASP

Introduction to ASP