Microsoft Forefront UAG 2010 Administrator's Handbook
- Maximize your business results by fully understanding how to plan your UAG integration
- Consistently be ahead of the game by taking control of your server with backup and advanced monitoring
- An essential tutorial for new users and a great resource for veterans
- Uncover the advantages and ease of use of DirectAccess, the latest VPN technology from Microsoft
- Packed with detailed explanations of concepts, terms and technologies, with hand-in-hand guidance through the tough parts
- Includes the most updated information, up to and including Service Pack 1 for UAG 2010
Table of Contents
Preface
Chapter 1: Planning Your Deployment
Chapter 2: Installing UAG
Chapter 3: UAG Building Blocks
Chapter 4: Publishing Web Applications
Chapter 5: Advanced Applications and Services
Chapter 6: Authenticating and Controlling Access
Chapter 7: Configuring UAG Clients
Chapter 8: Endpoint Policies
Chapter 9: Server Maintenance and Upkeep
Chapter 10: Advanced Configuration
Chapter 11: DirectAccess
Chapter 12: Troubleshooting
Appendix A: Introduction to RegEx
Appendix B: Introduction to ASP
- Chapter 1: Planning Your Deployment
  - Basic principles
  - How UAG works
  - Software requirements
  - Hardware requirements
  - Considerations for placing the server
  - Planning the networking infrastructure
  - Domain membership
  - Planning remote connectivity
  - Load balancing and high availability
  - Choosing clients
  - From test to production
  - Tips for a successful deployment
  - Deployment checklist
  - Do's and Don'ts for a successful deployment
- Chapter 2: Installing UAG
  - What the installation contains
  - Service Packs and updates
  - Preparing your server
  - Pre-installation checklist
  - Preparing the installation files
  - Verifying the installation
  - Running the Getting Started Wizard
  - Applying updates or Service Packs
  - Common issues during installation
  - Post installation issues
- Chapter 3: UAG Building Blocks
  - What are trunks and applications?
  - Types of trunks
  - Types of applications
  - Built-in services
  - Web applications
  - Client/Server and Legacy
  - Browser-embedded applications
  - Terminal Services (TS) / Remote Desktop Services (RDS)
  - What is URL signing and how does it work?
  - Designing your trunks, applications, and nesting
  - Some common applications and the appropriate templates
  - DNS name resolution
  - Preparing for an HTTPS trunk
  - Asymmetric encryption
  - Digital certificates
  - Creating an HTTPS trunk
  - Publishing an HTTP trunk
  - What happens when you add a trunk?
- Chapter 4: Publishing Web Applications
  - The four steps to application publishing
  - Application specific hostname applications versus Portal hostname applications
  - The Add Application Wizard
  - Application order
  - Considerations for Exchange publishing
  - Considerations for SharePoint publishing
  - Different internal and external names
  - Same internal and external FQDN names but different protocols
  - Same internal and external names and protocols
  - SharePoint and IE security enhancements
  - What is the Active Directory Federation Services 2.0 application?
  - Certificate validation for published web servers
  - Did you remember to activate?
- Chapter 5: Advanced Applications and Services
  - Advanced application types
  - Remote connectivity
  - Configuring browser embedded applications
  - Configuring client/server applications
  - Enhanced Generic Client Applications
  - Enhanced HAT
  - Generic HTTP Proxy Enabled Client Application
  - Generic SOCKS Enabled Client Application
  - Citrix Program Neighborhood (Direct)
  - Outlook (corporate/workgroup mode)
  - SSL Application Tunneling component automatic disconnection
  - Local Drive Mapping
  - Remote Network Access
  - SSL Network Tunneling (Network Connector)
  - Planning for Network Connector
  - Adding Network Connector to the portal
  - Configuring the Network Connector server
  - Activating and testing the Network Connector
  - Network Connector disconnecting?
  - Remote Desktop applications
  - Remote Desktop RDG templates
  - Remote Desktop—predefined and user defined
  - Remote Desktop considerations
  - File Access
  - Preparing to Publish File Access
  - Configuring File Access Domains, Servers, and Shares
  - Using File Access
  - More fun with File Access
- Chapter 6: Authenticating and Controlling Access
  - UAG session and authentication concepts
  - The basic authentication flow
  - Trunk level authentication settings
  - Authentication servers
  - RSA SecurID
  - Authentication server of the type "Other"
  - Smart card/client certificate authentication
  - Special handling for MS Office Rich Clients
  - Application level authentication settings
  - Handling form based authentication to backend applications
  - Kerberos constrained delegation
  - Application authorization settings
  - Local groups
  - AD FS 2.0
  - Requirements and limitations for AD FS 2.0 in UAG
  - Configuring the AD FS 2.0 authentication server in UAG
  - Additional configuration steps on the AD FS 2.0 server
- Chapter 7: Configuring UAG Clients
  - What are the client components?
  - Endpoint detection
  - SSL Application Tunneling component
  - Socket Forwarding
  - SSL Network Tunneling component
  - Endpoint Session Cleanup component
  - Supported platforms
  - Installing and uninstalling the client components
  - Preemptive installation of the components
  - Checking the client components version
  - The trusted sites list
  - Don't need the Client components?
- Chapter 8: Endpoint Policies
  - What endpoint policies can do and how they work?
  - How it works?
  - Endpoint policies access type
  - Platform specific policies
  - Assigning endpoint policies
  - Built-in policies
  - Choosing or designing the appropriate policies for your organization
  - Creating policies using the policy editor
  - Editing policies in script mode
  - Configuring upload and download settings
  - Identify by URL
  - Identify by extension
  - Identify by size
  - Configuring restricted zone settings
  - Certified Endpoints
  - Integration with Network Access Protection
  - How does NAP work?
  - Configuring UAG to use NAP
- Chapter 9: Server Maintenance and Upkeep
  - Who needs monitoring?
  - The UAG activation monitor
  - The UAG Web Monitor
  - Monitoring sessions
  - Endpoint Information
  - Session Statistics
  - Monitoring applications and users
  - Monitoring server farms
  - Monitoring server array members
  - Event Viewer
  - Event Query
  - Configuring UAG event logging
  - Queue and report size
  - RADIUS and Syslog
  - UAG services
  - UAG and the System Event Log
  - Publishing the UAG Web Monitor
  - Live Monitoring using TMG
  - The Windows Performance Monitor
  - Running a server trace
  - Updating the server with Windows Updates
  - Updating the server with UAG updates
  - Other updates
  - Antivirus on the server and other tools
  - Backing up UAG
  - Restoring UAG (to itself, and to other servers)
- Chapter 10: Advanced Configuration
  - Basic trunk configuration
  - Advanced configuration overview
  - The General tab
  - The Authentication tab
  - The Session tab
  - The Application Customization tab
  - The Portal tab
  - The URL Inspection tab
  - Global URL Settings and URL Set tabs
  - Rule editing and modification
  - NLB and Arrays
  - Adding load balancing into the mix
  - Putting it all together
- Chapter 11: DirectAccess
  - What's in it for me?
  - A little bit of history
  - How does DirectAccess work?
  - IPSec and its tunnels
  - IPv6—what's the big deal?
  - Hardware considerations
  - Connecting your server to the Internet
  - The Network Location Server
  - More infrastructure considerations
  - Client connection modes
  - Setting up the IP-HTTPS public site
  - DirectAccess name resolution
  - ISATAP, DNS64, and NAT64
  - Tunneling mode
  - DirectAccess Connectivity Assistant
  - Putting it all together
  - Wizard Time
  - Client and GPO configuration
  - The DirectAccess Connectivity Assistant
  - DirectAccess Server configuration
  - Infrastructure Servers configuration
  - End-to-End Access configuration
  - Keeping an eye on the server
  - Removing DirectAccess
  - Setup and configuration errors
  - Whose fault is it?
  - DCA to the rescue
  - Server related issues
  - Client side issues
  - Transition technology issues
  - Advanced troubleshooting
  - Additional resources
- Chapter 12: Troubleshooting
  - Administrative errors
  - File Access
  - SSL Network Tunneling
  - Certificate problems during activation
  - Backup and restore
  - Updating the server
  - Portal and Trunk issues
  - Application issues
  - Common application publishing mishaps
  - Blocking uploads and downloads
  - URL limits
  - Server Performance
  - Other optimizations
  - SharePoint issues
  - SSL tunneling
  - Other server and application issues
  - Client issues
  - RDS client issues
  - Misc client issues
  - Customization issues
  - General errors
  - Tracing problems
  - What's next?
- Appendix A: Introduction to RegEx
  - Why do I need this?
  - What are Regular Expressions?
  - The UAG RegEx syntax
  - Special characters
- Appendix B: Introduction to ASP
  - What is ASP, and how does it work?
  - What can you do with it?
  - Getting started with ASP
  - Putting the pieces together
  - Some more ASP principles
  - No one likes to repeat himself
  - So, what's in it for me?
What you will learn from this book
- Understand how UAG can help your organization with secure remote access.
- Plan and design the integration of UAG into your unique environment.
- Create trunks and publish all kinds of applications on them.
- Enable VPN access for multiple platforms.
- Design and implement DirectAccess for your organization.
- Manage endpoint security with advanced policies.
- Monitor, maintain and secure your Microsoft server.
- Integrate UAG with multiple infrastructures and platforms.
- Discover various types of applications UAG can publish, and how to publish them.
- Learn how to provide remote access to your users or partners using SSL technology.
- Take advantage of single sign-on with low administrative overhead and high security.
- Integrate UAG with existing authentication infrastructure like Active Directory.
- Gain knowledge of advanced endpoint management for ultimate security in a world of unknowns.
- Perform troubleshooting and solve problems like the pros.
- Integrate UAG with AD FS V2 for maximum corporate flexibility and security.
- Discover how to publish Microsoft Office SharePoint Server 2007 and 2010 securely.
- Find out how UAG interacts with TMG 2010 (the successor to ISA Server 2004).
Microsoft Forefront Unified Access Gateway (UAG) is the latest in a line of Application Publishing (Reverse Proxy) and Remote Access (VPN) Server products. The broad set of features and technologies integrated into UAG makes for a steep learning curve. Understanding all the features and abilities of UAG is a complex task that can be daunting even to experienced networking and security engineers.
This book is the first to be dedicated solely to Microsoft Forefront UAG. It guides you step by step through all the stages of deployment, from design to troubleshooting. Written by experts who have taken part in the product's development, official training and support, this book covers all the primary features of UAG in a friendly style that is easy to follow. It takes you from the initial planning and design stage, through deployment and configuration, up to maintenance and troubleshooting.
The book starts by introducing UAG's features and abilities, and how your organization can benefit from them. It then guides you through planning and designing the integration of the product into your own unique environment. Next, the book walks you through publishing the various applications, servers and resources, from simple web applications to complex client/server applications. It also details the various VPN technologies that UAG provides and how to take full advantage of them. The later chapters cover common routine "upkeep" tasks such as monitoring, backup and troubleshooting of common issues. Finally, the book includes an introduction to ASP, on which some of the product's features are based, which can help the advanced administrator enhance and customize the product.
Explore Microsoft Forefront Unified Access Gateway's wide range of features and abilities to publish applications to remote users or partners, and provide remote access to your network with world-class security.
This book is a hands-on guide describing the concepts, ideas and terminology behind UAG and related technologies. It starts with a discussion of the terms that UAG technology is based on, and proceeds with step-by-step guidance for performing the various tasks related to UAG's core features. Each topic is preceded by a discussion of the considerations that the administrator and the organization need to go through to prepare for the task at hand, and includes plenty of screenshots illustrating what the administrator should expect to see on screen, with real-life examples of configuration options.
Who this book is for
If you are a networking or security engineer who intends to integrate UAG into the organization's network, then this book is for you. You need no experience with UAG or its predecessors, though a basic understanding of networking and Windows Server management and engineering is required. Experience with security systems such as firewalls will also help you to better understand some of the topics covered by this book.