Microsoft Forefront UAG 2010 Administrator's Handbook

Book Description

Integrating UAG into your organization’s network will always be a challenge, but this manual will make life easier. It’s the only book solely dedicated to UAG and covers everything with a simple, user-friendly approach.

  • Maximize your business results by fully understanding how to plan your UAG integration
  • Consistently be ahead of the game by taking control of your server with backup and advanced monitoring
  • An essential tutorial for new users and a great resource for veterans
  • Uncover the advantages and ease of use of Direct Access, the latest VPN technology from Microsoft
  • Packed with detailed explanations of concepts, terms and technologies, with hand-in-hand guidance through the tough parts
  • Includes the most updated information, up to and including Service Pack 1 for UAG 2010

In Detail

Microsoft Forefront Unified Access Gateway (UAG) is the latest in a line of Application Publishing (Reverse Proxy) and Remote Access (VPN) Server products. The broad set of features and technologies integrated into UAG makes for a steep learning curve. Understanding all the features and abilities of UAG is a complex task that can be daunting even to experienced networking and security engineers.

This book is the first to be dedicated solely to Microsoft Forefront UAG. It guides you step-by-step through all the stages of deployment, from design to troubleshooting. Written by the absolute experts who have taken part in the product’s development, official training and support, this book covers all the primary features of UAG in a friendly style and a manner that is easy to follow. It takes you from the initial planning and design stage, through deployment and configuration, up to maintenance and troubleshooting.

The book starts by introducing UAG's features and abilities, and how your organization can benefit from them. It then goes on to guide you through planning and designing the integration of the product into your own unique environment. Further, the book guides you through the process of publishing the various applications, servers and resources - from simple web applications to complex client/server based applications. It also details the various VPN technologies that UAG provides and how to take full advantage of them. The later chapters of the book cover common routine “upkeep” tasks like monitoring, backup and troubleshooting of common issues. Finally, the book includes an introduction to ASP, which some of the product's features are based on, and which can help the advanced administrator with enhancing and customizing the product.

Explore Microsoft Forefront Unified Access Gateway’s wide range of features and abilities to publish applications to remote users or partners, and provide remote-access to your network with world-class security.

Table of Contents

  1. Microsoft Forefront UAG 2010 Administrator's Handbook
    1. Copyright
    2. Credits
    3. About the Authors
    4. About the Reviewers
    5. www.PacktPub.com
      1. Support files, eBooks, discount offers and more
        1. Why Subscribe?
        2. Free Access for Packt account holders
        3. Instant Updates on New Packt Books
    6. Preface
      1. What this book covers
      2. What you need for this book
        1. Who this book is for
          1. UAG versus IAG
          2. What's in the box?
      3. Conventions
      4. Reader feedback
        1. Errata
        2. Piracy
        3. Questions
    7. 1. Planning Your Deployment
      1. Basic principles
      2. How UAG works
      3. Software requirements
      4. Hardware requirements
      5. Considerations for placing the server
      6. Planning the networking infrastructure
      7. Domain membership
      8. Planning remote connectivity
      9. Load balancing and high availability
      10. Choosing clients
      11. From test to production
      12. Tips for a successful deployment
        1. Deployment checklist
        2. Do's and Don'ts for a successful deployment
      13. Summary
    8. 2. Installing UAG
      1. What the installation contains
        1. Service Packs and updates
      2. Preparing your server
        1. Pre-installation checklist
        2. Preparing the installation files
      3. Installation
        1. Verifying the installation
        2. Running the Getting Started Wizard
        3. Applying updates or Service Packs
        4. Common issues during installation
      4. Post installation issues
      5. Summary
    9. 3. UAG Building Blocks
      1. What are trunks and applications?
      2. Types of trunks
      3. Types of applications
        1. Built-in services
        2. Web applications
        3. Client/Server and Legacy
        4. Browser-embedded applications
        5. Terminal Services (TS) / Remote Desktop Services (RDS)
      4. What is URL signing and how does it work?
      5. Designing your trunks, applications, and nesting
      6. Some common applications and the appropriate templates
      7. DNS name resolution
      8. Preparing for an HTTPS trunk
        1. Asymmetric encryption
        2. Digital certificates
      9. Creating an HTTPS trunk
      10. Publishing an HTTP trunk
      11. What happens when you add a trunk?
      12. Summary
    10. 4. Publishing Web Applications
      1. The four steps to application publishing
      2. Application specific hostname applications versus Portal hostname applications
      3. The Add Application Wizard
      4. Application order
      5. Considerations for Exchange publishing
      6. Considerations for SharePoint publishing
        1. Different internal and external names
        2. Same internal and external FQDN names but different protocols
        3. Same internal and external names and protocols
      7. Sharepoint and IE security enhancements
      8. What is the Active Directory Federation Services 2.0 application?
      9. Certificate validation for published web servers
      10. Did you remember to activate?
      11. Summary
    11. 5. Advanced Applications and Services
      1. Advanced application types
      2. Remote connectivity
      3. Configuring browser embedded applications
      4. Configuring client/server applications
        1. Enhanced Generic Client Applications
        2. Enhanced HAT
        3. Generic HTTP Proxy Enabled Client Application
        4. Generic SOCKS Enabled Client Application
        5. Citrix Program Neighborhood (Direct)
        6. Outlook (corporate/workgroup mode)
        7. SSL Application Tunneling component automatic disconnection
      5. Local Drive Mapping
      6. Remote Network Access
      7. SSL Network Tunneling (Network Connector)
        1. Planning for Network Connector
        2. Adding Network Connector to the portal
        3. Configuring the Network Connector server
        4. Activating and testing the Network Connector
        5. Network Connector disconnecting?
      8. SSTP
      9. Remote Desktop applications
      10. Remote Desktop RDG templates
        1. Remote Desktop—predefined and user defined
      11. Remote Desktop considerations
      12. File Access
        1. Preparing to Publish File Access
        2. Configuring File Access Domains, Servers, and Shares
        3. Using File Access
        4. More fun with File Access
      13. Summary
    12. 6. Authenticating and Controlling Access
      1. UAG session and authentication concepts
        1. The basic authentication flow
      2. Trunk level authentication settings
      3. Authentication servers
        1. RADIUS
        2. RSA SecurID
        3. WinHTTP
        4. Authentication server of the type "Other"
        5. Smart card/client certificate authentication
        6. Special handling for MS Office Rich Clients
      4. Application level authentication settings
        1. Handling form based authentication to backend applications
        2. Kerberos constrained delegation
      5. Application authorization settings
        1. Local groups
      6. AD FS 2.0
        1. Requirements and limitations for AD FS 2.0 in UAG
        2. Configuring the AD FS 2.0 authentication server in UAG
        3. Additional configuration steps on the AD FS 2.0 server
      7. Summary
    13. 7. Configuring UAG Clients
      1. What are the client components?
        1. Endpoint detection
        2. SSL Application Tunneling component
        3. Socket Forwarding
        4. SSL Network Tunneling component
        5. Endpoint Session Cleanup component
      2. Supported platforms
      3. Installing and uninstalling the client components
      4. Preemptive installation of the components
      5. Checking the client components version
      6. The trusted sites list
      7. Don't need the Client components?
      8. Summary
    14. 8. Endpoint Policies
      1. What endpoint policies can do and how they work?
        1. How it works?
      2. Endpoint policies access type
      3. Platform specific policies
      4. Assigning endpoint policies
      5. Built-in policies
      6. Choosing or designing the appropriate policies for your organization
      7. Creating policies using the policy editor
      8. Editing policies in script mode
      9. Configuring upload and download settings
        1. Identify by URL
        2. Identify by extension
        3. Identify by size
      10. Configuring restricted zone settings
      11. Certified Endpoints
      12. Integration with Network Access Protection
      13. How does NAP work?
      14. Configuring UAG to use NAP
      15. Summary
    15. 9. Server Maintenance and Upkeep
      1. Who needs monitoring?
      2. The UAG activation monitor
      3. The UAG Web Monitor
        1. Monitoring sessions
          1. General
          2. Applications
          3. Endpoint Information
          4. Parameters
        2. Session Statistics
        3. Monitoring applications and users
        4. Monitoring server farms
        5. Monitoring server array members
        6. Event Viewer
        7. Event Query
      4. Configuring UAG event logging
        1. Queue and report size
        2. Built-in
        3. RADIUS and Syslog
        4. Mail
      5. UAG services
      6. UAG and the System Event Log
      7. Publishing the UAG Web Monitor
      8. Live Monitoring using TMG
      9. The Windows Performance Monitor
      10. Running a server trace
      11. Updating the server with Windows Updates
      12. Updating the server with UAG updates
      13. Other updates
      14. Antivirus on the server and other tools
      15. Backing up UAG
      16. Restoring UAG (to itself, and to other servers)
      17. Summary
    16. 10. Advanced Configuration
      1. Basic trunk configuration
      2. Advanced configuration overview
      3. The General tab
      4. The Authentication tab
      5. The Session tab
      6. The Application Customization tab
      7. The Portal tab
      8. The URL Inspection tab
      9. Global URL Settings and URL Set tabs
      10. Rule editing and modification
      11. NLB and Arrays
      12. Adding load balancing into the mix
      13. Putting it all together
      14. Summary
    17. 11. DirectAccess
      1. What's in it for me?
      2. A little bit of history
      3. How does DirectAccess work?
      4. IPSec and its tunnels
      5. IPv6—what's the big deal?
      6. Hardware considerations
      7. Connecting your server to the Internet
      8. The Network Location Server
      9. More infrastructure considerations
      10. Client connection modes
      11. Setting up the IP-HTTPS public site
      12. DirectAccess name resolution
      13. ISATAP, DNS64, and NAT64
      14. Tunneling mode
      15. DirectAccess Connectivity Assistant
      16. Putting it all together
      17. Wizard Rime
        1. Client and GPO configuration
        2. The DirectAccess Connectivity Assistant
        3. DirectAccess Server configuration
        4. Infrastructure Servers configuration
        5. End-to-End Access configuration
      18. Keeping an eye on the server
      19. Trouble?
        1. Removing DirectAccess
        2. Setup and configuration errors
        3. Whose fault is it?
        4. DCA to the rescue
        5. Server related issues
        6. Client side issues
        7. Transition technology issues
        8. Advanced troubleshooting
        9. Additional resources
      20. Summary
    18. 12. Troubleshooting
      1. Whodunnit?
      2. Administrative errors
        1. File Access
        2. SSL Network Tunneling
        3. Certificate problems during activation
        4. Backup and restore
        5. Updating the server
      3. Portal and Trunk issues
      4. Application issues
        1. Common application publishing mishaps
        2. Blocking uploads and downloads
        3. URL limits
        4. Server Performance
          1. Other optimizations
        5. SharePoint issues
        6. SSL tunneling
        7. SSTP
        8. Other server and application issues
      5. Client issues
        1. Client misbehavior
        2. RDS client issues
        3. Misc client issues
      6. Customization issues
      7. General errors
        1. Tracing problems
      8. What's next?
      9. Summary
    19. A. Introduction to RegEx
      1. Why do I need this?
      2. What are Regular Expressions?
      3. The UAG RegEx syntax
      4. Literals
      5. Special characters
    20. B. Introduction to ASP
      1. What is ASP, and how does it work?
      2. What can you do with it?
      3. Getting started with ASP
      4. Putting the pieces together
      5. Some more ASP principles
      6. No one likes to repeat himself
      7. So, what's in it for me?