PacktLib: Microsoft Forefront UAG 2010 Administrator's Handbook

Microsoft Forefront UAG 2010 Administrator's Handbook

Credits

About the Authors

About the Reviewers

www.PacktPub.com

Preface

Planning Your Deployment

Basic principles

How UAG works

Software requirements

Hardware requirements

Considerations for placing the server

Planning the networking infrastructure

Domain membership

Planning remote connectivity

Load balancing and high availability

Choosing clients

From test to production

Tips for a successful deployment

Summary

Installing UAG

What the installation contains

Preparing your server

Installation

Post installation issues

Summary

UAG Building Blocks

What are trunks and applications?

Types of trunks

Types of applications

What is URL signing and how does it work?

Designing your trunks, applications, and nesting

Some common applications and the appropriate templates

DNS name resolution

Preparing for an HTTPS trunk

Creating an HTTPS trunk

Publishing an HTTP trunk

What happens when you add a trunk?

Summary

Publishing Web Applications

The four steps to application publishing

Application specific hostname applications versus Portal hostname applications

The Add Application Wizard

Application order

Considerations for Exchange publishing

Considerations for SharePoint publishing

Sharepoint and IE security enhancements

What is the Active Directory Federation Services 2.0 application?

Certificate validation for published web servers

Did you remember to activate?

Summary

Advanced Applications and Services

Advanced application types

Remote connectivity

Configuring browser embedded applications

Configuring client/server applications

Local Drive Mapping

Remote Network Access

SSL Network Tunneling (Network Connector)

SSTP

Remote Desktop applications

Remote Desktop RDG templates

Remote Desktop considerations

File Access

Summary

Authenticating and Controlling Access

UAG session and authentication concepts

Trunk level authentication settings

Authentication servers

Application level authentication settings

Application authorization settings

AD FS 2.0

Summary

Configuring UAG Clients

What are the client components?

Supported platforms

Installing and uninstalling the client components

Preemptive installation of the components

Checking the client components version

The trusted sites list

Don't need the Client components?

Summary

Endpoint Policies

What endpoint policies can do and how they work?

Endpoint policies access type

Platform specific policies

Assigning endpoint policies

Built-in policies

Choosing or designing the appropriate policies for your organization

Creating policies using the policy editor

Editing policies in script mode

Configuring upload and download settings

Configuring restricted zone settings

Certified Endpoints

Integration with Network Access Protection

How does NAP work?

Configuring UAG to use NAP

Summary

Server Maintenance and Upkeep

Who needs monitoring?

The UAG activation monitor

The UAG Web Monitor

Configuring UAG event logging

UAG services

UAG and the System Event Log

Publishing the UAG Web Monitor

Live Monitoring using TMG

The Windows Performance Monitor

Running a server trace

Updating the server with Windows Updates

Updating the server with UAG updates

Other updates

Antivirus on the server and other tools

Backing up UAG

Restoring UAG (to itself, and to other servers)

Summary

Advanced Configuration

Basic trunk configuration

Advanced configuration overview

The General tab

The Authentication tab

The Session tab

The Application Customization tab

The Portal tab

The URL Inspection tab

Global URL Settings and URL Set tabs

Rule editing and modification

NLB and Arrays

Adding load balancing into the mix

Putting it all together

Summary

DirectAccess

What's in it for me?

A little bit of history

How does DirectAccess work?

IPSec and its tunnels

IPv6—what's the big deal?

Hardware considerations

Connecting your server to the Internet

The Network Location Server

More infrastructure considerations

Client connection modes

Setting up the IP-HTTPS public site

DirectAccess name resolution

ISATAP, DNS64, and NAT64

Tunneling mode

DirectAccess Connectivity Assistant

Putting it all together

Wizard Rime

Keeping an eye on the server

Administrative errors

Portal and Trunk issues

Introduction to RegEx RegEx

Introduction to ASP

Index