Microsoft Forefront UAG 2010 Administrator's Handbook

Book Description

Integrating UAG into your organization’s network will always be a challenge, but this manual will make life easier. It’s the only book solely dedicated to UAG and covers everything with a simple, user-friendly approach.

  • Maximize your business results by fully understanding how to plan your UAG integration

  • Consistently be ahead of the game by taking control of your server with backup and advanced monitoring

  • An essential tutorial for new users and a great resource for veterans

  • Uncover the advantages and ease of use of DirectAccess, the latest VPN technology from Microsoft

  • Packed with detailed explanations of concepts, terms and technologies, with hand-in-hand guidance through the tough parts

  • Includes the most updated information, up to and including Service Pack 1 for UAG 2010

  In Detail

    Microsoft Forefront Unified Access Gateway (UAG) is the latest in a line of Application Publishing (Reverse Proxy) and Remote Access (VPN) Server products. The broad set of features and technologies integrated into UAG makes for a steep learning curve. Understanding all the features and abilities of UAG is a complex task that can be daunting even to experienced networking and security engineers.

    This book is the first to be dedicated solely to Microsoft Forefront UAG. It guides you step-by-step through all the stages of deployment, from design to troubleshooting. Written by experts who have taken part in the product’s development, official training and support, this book covers all the primary features of UAG in a friendly style and a manner that is easy to follow. It takes you from the initial planning and design stage, through deployment and configuration, up to maintenance and troubleshooting.

    The book starts by introducing UAG's features and abilities, and how your organization can benefit from them. It then goes on to guide you through planning and designing the integration of the product into your own unique environment. Further, the book guides you through the process of publishing the various applications, servers and resources - from simple web applications to complex client/server based applications. It also details the various VPN technologies that UAG provides and how to take full advantage of them. The later chapters of the book cover common routine “upkeep” tasks such as monitoring, backup and troubleshooting of common issues. Finally, the book includes an introduction to ASP, on which some of the product's features are based, which can help the advanced administrator with enhancing and customizing the product.

    Explore Microsoft Forefront Unified Access Gateway’s wide range of features and abilities to publish applications to remote users or partners, and provide remote-access to your network with world-class security.

    Table of Contents

    1. Microsoft Forefront UAG 2010 Administrator's Handbook
      1. Copyright
      2. Credits
      3. About the Authors
      4. About the Reviewers
      5. www.PacktPub.com
        1. Support files, eBooks, discount offers and more
          1. Why Subscribe?
          2. Free Access for Packt account holders
          3. Instant Updates on New Packt Books
      6. Preface
        1. What this book covers
        2. What you need for this book
          1. Who this book is for
            1. UAG versus IAG
            2. What's in the box?
        3. Conventions
        4. Reader feedback
          1. Errata
          2. Piracy
          3. Questions
      7. 1. Planning Your Deployment
        1. Basic principles
        2. How UAG works
        3. Software requirements
        4. Hardware requirements
        5. Considerations for placing the server
        6. Planning the networking infrastructure
        7. Domain membership
        8. Planning remote connectivity
        9. Load balancing and high availability
        10. Choosing clients
        11. From test to production
        12. Tips for a successful deployment
          1. Deployment checklist
          2. Do's and Don'ts for a successful deployment
        13. Summary
      8. 2. Installing UAG
        1. What the installation contains
          1. Service Packs and updates
        2. Preparing your server
          1. Pre-installation checklist
          2. Preparing the installation files
        3. Installation
          1. Verifying the installation
          2. Running the Getting Started Wizard
          3. Applying updates or Service Packs
          4. Common issues during installation
        4. Post installation issues
        5. Summary
      9. 3. UAG Building Blocks
        1. What are trunks and applications?
        2. Types of trunks
        3. Types of applications
          1. Built-in services
          2. Web applications
          3. Client/Server and Legacy
          4. Browser-embedded applications
          5. Terminal Services (TS) / Remote Desktop Services (RDS)
        4. What is URL signing and how does it work?
        5. Designing your trunks, applications, and nesting
        6. Some common applications and the appropriate templates
        7. DNS name resolution
        8. Preparing for an HTTPS trunk
          1. Asymmetric encryption
          2. Digital certificates
        9. Creating an HTTPS trunk
        10. Publishing an HTTP trunk
        11. What happens when you add a trunk?
        12. Summary
      10. 4. Publishing Web Applications
        1. The four steps to application publishing
        2. Application specific hostname applications versus Portal hostname applications
        3. The Add Application Wizard
        4. Application order
        5. Considerations for Exchange publishing
        6. Considerations for SharePoint publishing
          1. Different internal and external names
          2. Same internal and external FQDN names but different protocols
          3. Same internal and external names and protocols
        7. SharePoint and IE security enhancements
        8. What is the Active Directory Federation Services 2.0 application?
        9. Certificate validation for published web servers
        10. Did you remember to activate?
        11. Summary
      11. 5. Advanced Applications and Services
        1. Advanced application types
        2. Remote connectivity
        3. Configuring browser embedded applications
        4. Configuring client/server applications
          1. Enhanced Generic Client Applications
          2. Enhanced HAT
          3. Generic HTTP Proxy Enabled Client Application
          4. Generic SOCKS Enabled Client Application
          5. Citrix Program Neighborhood (Direct)
          6. Outlook (corporate/workgroup mode)
          7. SSL Application Tunneling component automatic disconnection
        5. Local Drive Mapping
        6. Remote Network Access
        7. SSL Network Tunneling (Network Connector)
          1. Planning for Network Connector
          2. Adding Network Connector to the portal
          3. Configuring the Network Connector server
          4. Activating and testing the Network Connector
          5. Network Connector disconnecting?
        8. SSTP
        9. Remote Desktop applications
        10. Remote Desktop RDG templates
          1. Remote Desktop—predefined and user defined
        11. Remote Desktop considerations
        12. File Access
          1. Preparing to Publish File Access
          2. Configuring File Access Domains, Servers, and Shares
          3. Using File Access
          4. More fun with File Access
        13. Summary
      12. 6. Authenticating and Controlling Access
        1. UAG session and authentication concepts
          1. The basic authentication flow
        2. Trunk level authentication settings
        3. Authentication servers
          1. RADIUS
          2. RSA SecurID
          3. WinHTTP
          4. Authentication server of the type "Other"
          5. Smart card/client certificate authentication
          6. Special handling for MS Office Rich Clients
        4. Application level authentication settings
          1. Handling form based authentication to backend applications
          2. Kerberos constrained delegation
        5. Application authorization settings
          1. Local groups
        6. AD FS 2.0
          1. Requirements and limitations for AD FS 2.0 in UAG
          2. Configuring the AD FS 2.0 authentication server in UAG
          3. Additional configuration steps on the AD FS 2.0 server
        7. Summary
      13. 7. Configuring UAG Clients
        1. What are the client components?
          1. Endpoint detection
          2. SSL Application Tunneling component
          3. Socket Forwarding
          4. SSL Network Tunneling component
          5. Endpoint Session Cleanup component
        2. Supported platforms
        3. Installing and uninstalling the client components
        4. Preemptive installation of the components
        5. Checking the client components version
        6. The trusted sites list
        7. Don't need the Client components?
        8. Summary
      14. 8. Endpoint Policies
        1. What endpoint policies can do and how they work
          1. How it works
        2. Endpoint policies access type
        3. Platform specific policies
        4. Assigning endpoint policies
        5. Built-in policies
        6. Choosing or designing the appropriate policies for your organization
        7. Creating policies using the policy editor
        8. Editing policies in script mode
        9. Configuring upload and download settings
          1. Identify by URL
          2. Identify by extension
          3. Identify by size
        10. Configuring restricted zone settings
        11. Certified Endpoints
        12. Integration with Network Access Protection
        13. How does NAP work?
        14. Configuring UAG to use NAP
        15. Summary
      15. 9. Server Maintenance and Upkeep
        1. Who needs monitoring?
        2. The UAG activation monitor
        3. The UAG Web Monitor
          1. Monitoring sessions
            1. General
            2. Applications
            3. Endpoint Information
            4. Parameters
          2. Session Statistics
          3. Monitoring applications and users
          4. Monitoring server farms
          5. Monitoring server array members
          6. Event Viewer
          7. Event Query
        4. Configuring UAG event logging
          1. Queue and report size
          2. Built-in
          3. RADIUS and Syslog
          4. Mail
        5. UAG services
        6. UAG and the System Event Log
        7. Publishing the UAG Web Monitor
        8. Live Monitoring using TMG
        9. The Windows Performance Monitor
        10. Running a server trace
        11. Updating the server with Windows Updates
        12. Updating the server with UAG updates
        13. Other updates
        14. Antivirus on the server and other tools
        15. Backing up UAG
        16. Restoring UAG (to itself, and to other servers)
        17. Summary
      16. 10. Advanced Configuration
        1. Basic trunk configuration
        2. Advanced configuration overview
        3. The General tab
        4. The Authentication tab
        5. The Session tab
        6. The Application Customization tab
        7. The Portal tab
        8. The URL Inspection tab
        9. Global URL Settings and URL Set tabs
        10. Rule editing and modification
        11. NLB and Arrays
        12. Adding load balancing into the mix
        13. Putting it all together
        14. Summary
      17. 11. DirectAccess
        1. What's in it for me?
        2. A little bit of history
        3. How does DirectAccess work?
        4. IPSec and its tunnels
        5. IPv6—what's the big deal?
        6. Hardware considerations
        7. Connecting your server to the Internet
        8. The Network Location Server
        9. More infrastructure considerations
        10. Client connection modes
        11. Setting up the IP-HTTPS public site
        12. DirectAccess name resolution
        13. ISATAP, DNS64, and NAT64
        14. Tunneling mode
        15. DirectAccess Connectivity Assistant
        16. Putting it all together
        17. Wizard Rime
          1. Client and GPO configuration
          2. The DirectAccess Connectivity Assistant
          3. DirectAccess Server configuration
          4. Infrastructure Servers configuration
          5. End-to-End Access configuration
        18. Keeping an eye on the server
        19. Trouble?
          1. Removing DirectAccess
          2. Setup and configuration errors
          3. Whose fault is it?
          4. DCA to the rescue
          5. Server related issues
          6. Client side issues
          7. Transition technology issues
          8. Advanced troubleshooting
          9. Additional resources
        20. Summary
      18. 12. Troubleshooting
        1. Whodunnit?
        2. Administrative errors
          1. File Access
          2. SSL Network Tunneling
          3. Certificate problems during activation
          4. Backup and restore
          5. Updating the server
        3. Portal and Trunk issues
        4. Application issues
          1. Common application publishing mishaps
          2. Blocking uploads and downloads
          3. URL limits
          4. Server Performance
            1. Other optimizations
          5. SharePoint issues
          6. SSL tunneling
          7. SSTP
          8. Other server and application issues
        5. Client issues
          1. Client misbehavior
          2. RDS client issues
          3. Misc client issues
        6. Customization issues
        7. General errors
          1. Tracing problems
        8. What's next?
        9. Summary
      19. A. Introduction to RegEx
        1. Why do I need this?
        2. What are Regular Expressions?
        3. The UAG RegEx syntax
        4. Literals
        5. Special characters
      20. B. Introduction to ASP
        1. What is ASP, and how does it work?
        2. What can you do with it?
        3. Getting started with ASP
        4. Putting the pieces together
        5. Some more ASP principles
        6. No one likes to repeat himself
        7. So, what's in it for me?