Microsoft Forefront UAG 2010 Administrator's Handbook

  • Maximize your business results by fully understanding how to plan your UAG integration
  • Consistently be ahead of the game by taking control of your server with backup and advanced monitoring
  • An essential tutorial for new users and a great resource for veterans
  • Uncover the advantages and ease of use of Direct Access, the latest VPN technology from Microsoft
  • Packed with detailed explanations of concepts, terms and technologies, with hand-in-hand guidance through the tough parts
  • Includes the most updated information, up to and including Service Pack 1 for UAG 2010

Book Details

Language : English
Paperback : 484 pages [ 235mm x 191mm ]
Release Date : January 2011
ISBN : 1849681627
ISBN 13 : 9781849681629
Author(s) : Erez Ben-Ari, Ran Dolev
Topics and Technologies : All Books, Enterprise Products and Platforms, Microsoft Other, Enterprise, Microsoft

Table of Contents

Chapter 1: Planning Your Deployment
Chapter 2: Installing UAG
Chapter 3: UAG Building Blocks
Chapter 4: Publishing Web Applications
Chapter 5: Advanced Applications and Services
Chapter 6: Authenticating and Controlling Access
Chapter 7: Configuring UAG Clients
Chapter 8: Endpoint Policies
Chapter 9: Server Maintenance and Upkeep
Chapter 10: Advanced Configuration
Chapter 11: DirectAccess
Chapter 12: Troubleshooting
Appendix A: Introduction to RegEx
Appendix B: Introduction to ASP
  • Chapter 1: Planning Your Deployment
    • Basic principles
    • How UAG works
    • Software requirements
    • Hardware requirements
    • Considerations for placing the server
    • Planning the networking infrastructure
    • Domain membership
    • Planning remote connectivity
    • Load balancing and high availability
    • Choosing clients
    • From test to production
    • Tips for a successful deployment
      • Deployment checklist
      • Do's and Don'ts for a successful deployment
    • Summary
  • Chapter 2: Installing UAG
    • What the installation contains
      • Service Packs and updates
    • Preparing your server
      • Pre-installation checklist
      • Preparing the installation files
    • Installation
      • Verifying the installation
      • Running the Getting Started Wizard
      • Applying updates or Service Packs
      • Common issues during installation
    • Post installation issues
    • Summary
  • Chapter 3: UAG Building Blocks
    • What are trunks and applications?
    • Types of trunks
    • Types of applications
      • Built-in services
      • Web applications
      • Client/Server and Legacy
      • Browser-embedded applications
      • Terminal Services (TS) / Remote Desktop Services (RDS)
    • What is URL signing and how does it work?
    • Designing your trunks, applications, and nesting
    • Some common applications and the appropriate templates
    • DNS name resolution
    • Preparing for an HTTPS trunk
      • Asymmetric encryption
      • Digital certificates
    • Creating an HTTPS trunk
    • Publishing an HTTP trunk
    • What happens when you add a trunk?
    • Summary
  • Chapter 4: Publishing Web Applications
    • The four steps to application publishing
    • Application specific hostname applications versus Portal hostname applications
    • The Add Application Wizard
    • Application order
    • Considerations for Exchange publishing
    • Considerations for SharePoint publishing
      • Different internal and external names
      • Same internal and external FQDN names but different protocols
      • Same internal and external names and protocols
    • Sharepoint and IE security enhancements
    • What is the Active Directory Federation Services 2.0 application?
    • Certificate validation for published web servers
    • Did you remember to activate?
    • Summary
  • Chapter 5: Advanced Applications and Services
    • Advanced application types
    • Remote connectivity
    • Configuring browser embedded applications
    • Configuring client/server applications
      • Enhanced Generic Client Applications
      • Enhanced HAT
      • Generic HTTP Proxy Enabled Client Application
      • Generic SOCKS Enabled Client Application
      • Citrix Program Neighborhood (Direct)
      • Outlook (corporate/workgroup mode)
      • SSL Application Tunneling component automatic disconnection
    • Local Drive Mapping
    • Remote Network Access
    • SSL Network Tunneling (Network Connector)
      • Planning for Network Connector
      • Adding Network Connector to the portal
      • Configuring the Network Connector server
      • Activating and testing the Network Connector
      • Network Connector disconnecting?
    • SSTP
    • Remote Desktop applications
    • Remote Desktop RDG templates
      • Remote Desktop—predefined and user defined
    • Remote Desktop considerations
    • File Access
      • Preparing to Publish File Access
      • Configuring File Access Domains, Servers, and Shares
      • Using File Access
      • More fun with File Access
    • Summary
  • Chapter 6: Authenticating and Controlling Access
    • UAG session and authentication concepts
      • The basic authentication flow
    • Trunk level authentication settings
    • Authentication servers
      • RADIUS
      • RSA SecurID
      • WinHTTP
      • Authentication server of the type "Other"
      • Smart card/client certificate authentication
      • Special handling for MS Office Rich Clients
    • Application level authentication settings
      • Handling form based authentication to backend applications
      • Kerberos constrained delegation
    • Application authorization settings
      • Local groups
    • AD FS 2.0
      • Requirements and limitations for AD FS 2.0 in UAG
      • Configuring the AD FS 2.0 authentication server in UAG
      • Additional configuration steps on the AD FS 2.0 server
    • Summary
  • Chapter 7: Configuring UAG Clients
    • What are the client components?
      • Endpoint detection
      • SSL Application Tunneling component
      • Socket Forwarding
      • SSL Network Tunneling component
      • Endpoint Session Cleanup component
    • Supported platforms
    • Installing and uninstalling the client components
    • Preemptive installation of the components
    • Checking the client components version
    • The trusted sites list
    • Don't need the Client components?
    • Summary
  • Chapter 8: Endpoint Policies
    • What endpoint policies can do and how they work?
      • How it works?
    • Endpoint policies access type
    • Platform specific policies
    • Assigning endpoint policies
    • Built-in policies
    • Choosing or designing the appropriate policies for your organization
    • Creating policies using the policy editor
    • Editing policies in script mode
    • Configuring upload and download settings
      • Identify by URL
      • Identify by extension
      • Identify by size
    • Configuring restricted zone settings
    • Certified Endpoints
    • Integration with Network Access Protection
    • How does NAP work?
    • Configuring UAG to use NAP
    • Summary
  • Chapter 9: Server Maintenance and Upkeep
    • Who needs monitoring?
    • The UAG activation monitor
    • The UAG Web Monitor
      • Monitoring sessions
        • General
        • Applications
        • Endpoint Information
        • Parameters
      • Session Statistics
      • Monitoring applications and users
      • Monitoring server farms
      • Monitoring server array members
      • Event Viewer
      • Event Query
    • Configuring UAG event logging
      • Queue and report size
      • Built-in
      • RADIUS and Syslog
      • Mail
    • UAG services
    • UAG and the System Event Log
    • Publishing the UAG Web Monitor
    • Live Monitoring using TMG
    • The Windows Performance Monitor
    • Running a server trace
    • Updating the server with Windows Updates
    • Updating the server with UAG updates
    • Other updates
    • Antivirus on the server and other tools
    • Backing up UAG
    • Restoring UAG (to itself, and to other servers)
    • Summary
  • Chapter 10: Advanced Configuration
    • Basic trunk configuration
    • Advanced configuration overview
    • The General tab
    • The Authentication tab
    • The Session tab
    • The Application Customization tab
    • The Portal tab
    • The URL Inspection tab
    • Global URL Settings and URL Set tabs
    • Rule editing and modification
    • NLB and Arrays
    • Adding load balancing into the mix
    • Putting it all together
    • Summary
  • Chapter 11: DirectAccess
    • What's in it for me?
    • A little bit of history
    • How does DirectAccess work?
    • IPSec and its tunnels
    • IPv6—what's the big deal?
    • Hardware considerations
    • Connecting your server to the Internet
    • The Network Location Server
    • More infrastructure considerations
    • Client connection modes
    • Setting up the IP-HTTPS public site
    • DirectAccess name resolution
    • ISATAP, DNS64, and NAT64
    • Tunneling mode
    • DirectAccess Connectivity Assistant
    • Putting it all together
    • Wizard Rime
      • Client and GPO configuration
      • The DirectAccess Connectivity Assistant
      • DirectAccess Server configuration
      • Infrastructure Servers configuration
      • End-to-End Access configuration
    • Keeping an eye on the server
    • Trouble?
      • Removing DirectAccess
      • Setup and configuration errors
      • Whose fault is it?
      • DCA to the rescue
      • Server related issues
      • Client side issues
      • Transition technology issues
      • Advanced troubleshooting
      • Additional resources
    • Summary
  • Chapter 12: Troubleshooting
    • Whodunnit?
    • Administrative errors
      • File Access
      • SSL Network Tunneling
      • Certificate problems during activation
      • Backup and restore
      • Updating the server
    • Portal and Trunk issues
    • Application issues
      • Common application publishing mishaps
      • Blocking uploads and downloads
      • URL limits
      • Server Performance
        • Other optimizations
      • SharePoint issues
      • SSL tunneling
      • SSTP
      • Other server and application issues
    • Client issues
      • RDS client issues
      • Misc client issues
    • Customization issues
    • General errors
      • Tracing problems
    • What's next?
    • Summary
  • Appendix B: Introduction to ASP
    • What is ASP, and how does it work?
    • What can you do with it?
    • Getting started with ASP
    • Putting the pieces together
    • Some more ASP principles
    • No one likes to repeat himself
    • So, what's in it for me?

Erez Ben-Ari

Erez Ben-Ari is a long time Technologist and Journalist, and has worked in the Information Technology industry since 1991. During his career, Erez has provided security consulting and analysis services for some of the leading companies and organizations in the world, including Intel, IBM, Amdocs, CA, HP, NDS, Sun Microsystems, Oracle and many others. His work has gained national fame in Israel, and he has been featured in the press regularly. Having joined Microsoft in 2000, Erez worked for many years in Microsoft’s Development Center in Israel, where Microsoft’s ISA Server was developed. Being a part of the release of ISA 2000, ISA 2004 and ISA 2006, Erez held several roles, including Operation engineering, Software testing, Web-based software design and testing automation design. Now living in the United States, Erez still works for Microsoft, currently as a senior support escalation engineer for UAG.

As a journalist, Erez has been writing since 1995, and has written for some of the leading publications in Israel and in the United States. He has been a member of the Israeli National Press Office since 2001, and his personal blogs are read by thousands of visitors per month. Erez has also written, produced and edited content for TV and Radio, working for Israel’s TV Channel 2, Ana-Ney communications, Radio Haifa and other venues.

Erez is also the author of the hugely successful titles “Microsoft Forefront UAG 2010 Administrator's Handbook” and “Mastering Microsoft Forefront UAG 2010 Customization”, also by Packt Publishing. Both titles have received all 5-star reviews on Amazon and are considered to be the most comprehensive guides to UAG in existence.

Ran Dolev

Ran Dolev is a veteran of the network security and SSL VPN industries. Ran has worked with the UAG product for more than twelve years, since the product’s inception at the start-up company Whale Communications in 1998, where Ran was the first full-time developer of the product. After several years Ran moved to a services position as the EMEA Professional Services Manager for the team. In this role Ran has designed and delivered numerous IAG and UAG training sessions in North America, Europe, Middle East, Asia and Australia, to customers, partners and Microsoft employees. Ran also provides consulting and deployment services for many of Microsoft's enterprise UAG customers.


What you will learn from this book

  • Understand how UAG can help your organization with secure remote access.
  • Plan and design the integration of UAG into your unique environment.
  • Create trunks and publish all kinds of applications on them.
  • Enable VPN access for multiple platforms.
  • Design and implement DirectAccess for your organization.
  • Manage endpoint security with advanced policies.
  • Monitor, maintain and secure your Microsoft server.
  • Integrate UAG with multiple infrastructures and platforms.
  • Discover various types of applications UAG can publish, and how to publish them.
  • Learn how to provide remote access to your users or partners using SSL technology.
  • Take advantage of single sign-on with low administrative overhead and high security.
  • Integrate UAG with existing authentication infrastructure like Active Directory.
  • Gain knowledge of advanced endpoint management for ultimate security in a world of unknowns.
  • Perform troubleshooting and solve problems like the pros.
  • Integrate UAG with AD FS V2 for maximum corporate flexibility and security.
  • Discover how to publish Microsoft Office SharePoint Server 2007 and 2010 securely.
  • Find out how UAG interacts with TMG 2010 (the successor to ISA Server 2004).

In Detail

Microsoft Forefront Unified Access Gateway (UAG) is the latest in a line of Application Publishing (Reverse Proxy) and Remote Access (VPN) Server products. The broad set of features and technologies integrated into UAG makes for a steep learning curve. Understanding all the features and abilities of UAG is a complex task that can be daunting even to experienced networking and security engineers.

This book is the first to be dedicated solely to Microsoft Forefront UAG. It guides you step-by-step throughout all the stages of deployment, from design to troubleshooting. Written by the absolute experts who have taken part in the product’s development, official training and support, this book covers all the primary features of UAG in a friendly style and a manner that is easy to follow. It takes you from the initial planning and design stage, through deployment and configuration, up to maintenance and troubleshooting.

The book starts by introducing UAG's features and abilities, and how your organization can benefit from them. It then goes on to guide you through planning and designing the integration of the product into your own unique environment. Further, the book guides you through the process of publishing the various applications, servers and resources - from simple web applications to complex client/server based applications. It also details the various VPN technologies that UAG provides and how to take full advantage of them. The later chapters of the book educate you with common routine “upkeep” tasks like monitoring, backup and troubleshooting of common issues. Finally, the book includes an introduction to ASP, which some of the product's features are based on, and which can help the advanced administrator with enhancing and customizing the product.

Explore Microsoft Forefront Unified Access Gateway’s wide range of features and abilities to publish applications to remote users or partners, and provide remote-access to your network with world-class security.

This book is a hands-on guide, describing concepts, ideas and terminology related to UAG and related technologies. The book starts with a discussion of terms that UAG technology is based on, and proceeds with step-by-step guidance for performing the various tasks related to UAG's core features. Each topic is preceded by a discussion of considerations that the administrator and the organization need to go through to prepare for the task at hand, and includes plenty of screenshots illustrating what the administrator should expect to see on-screen, with real-life examples of configuration options.

Who this book is for

If you are a Networking or Security engineer who intends to integrate UAG into the organization network, then this book is for you. You need no experience with UAG or its predecessors, though basic understanding of Networking and Windows Server management and engineering is required. Experience with security systems like Firewalls would also help you to better understand some of the topics covered by this book.
