At this point, UAG does not include the ability to manage the server remotely through an MMC add-in, so to manage the server an administrator has to access it physically at the console or use Windows Remote Desktop. Naturally, because UAG is a gateway into your network, using RDP to connect to it can be risky. If UAG is hacked into, the compromise could expose your network far more than that of a regular workstation, so this should be planned carefully. It's also possible to enable Remote Desktop to the UAG server from outside, as a published application, although we still consider this to be a risky move for the same reasons. The fact of the matter is that most administrators want as many ways as possible to manage their servers, and we need to keep in mind that as we make things easier for ourselves, we usually make them easier for potential attackers as well, often increasing our exposure. For example, you might not allow external access to UAG, but you do publish your own workstation. An attacker who breaks into your workstation this way can then break into UAG from the "inside". Bottom line: to stay as secure as possible, be a little paranoid, and try to resist the temptation to make everything possible remotely. We will discuss Remote Desktop publishing in more detail in Chapter 5.
When planning your deployment, use the following checklist to make sure you have prepared for everything:
Software requirements met:
  Virtual Machine or Appliance
  Windows Server 2008 R2
  Clean server
  All available Windows updates installed
  No additional software installed
  You have administrative permissions on the server
Hardware requirements:
  64-bit processor
  2.66 GHz or higher
  2 Network Cards
  4 GB of RAM
  40 GB of free disk space
IP assignment to server NICs
DNS config on server
Public DNS mapping is configured correctly
Mapped out applications, URLs, Ports and IPs to be published
List of clients that will be in use
Will you be using HTTP or HTTPS?
Server placement - physical and logical
Front-end firewall/router config prepared
Back-end firewall/router config prepared
Will it be Remote management or Local management?
Domain membership of the server
Do prepare ample time to experiment with the product before going into production
Do perform baseline performance testing regularly, to avoid surprises at production time
Do map your applications' properties and prepare a written plan
Do prepare a support plan for your server, as most support calls may be at night or on weekends
Do consider using an experienced consultant, especially if your deployment involves sensitive material, or is time critical
Do plan your routing and networking carefully—it's one of the common causes of failure
Don't try to use your server to host other functions or roles
Don't fiddle with TMG and IIS configuration before, during, or after installation
Don't assume that any and all applications can be published with UAG
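The measurable items in the checklist above (operating system, processor, memory, disk, NICs, administrative rights) and the Remote Desktop state discussed earlier can be checked on the server itself before installation. The script below is an added example, not part of the original text or of the UAG product; it assumes the install target is drive C:, and the check for Network Level Authentication is an addition the checklist does not mention.

```powershell
# Added example: pre-flight check of the checklist's measurable items.
# Uses Get-WmiObject so it runs on the PowerShell 2.0 shipped with Windows Server 2008 R2.
# Assumption: the install target is drive C:.
function New-Check($Item, $Actual, $Pass) {
    New-Object PSObject -Property @{ Item = $Item; Actual = $Actual; Pass = [bool]$Pass }
}

$os   = Get-WmiObject Win32_OperatingSystem
$cs   = Get-WmiObject Win32_ComputerSystem
$cpu  = @(Get-WmiObject Win32_Processor)[0]
$disk = Get-WmiObject Win32_LogicalDisk -Filter "DeviceID='C:'"
# Counts adapters that have an IP configuration bound, not merely installed hardware.
$nics = @(Get-WmiObject Win32_NetworkAdapterConfiguration -Filter "IPEnabled=True")

$id      = [Security.Principal.WindowsIdentity]::GetCurrent()
$isAdmin = (New-Object Security.Principal.WindowsPrincipal $id).IsInRole(
               [Security.Principal.WindowsBuiltInRole]::Administrator)

# Remote Desktop state: fDenyTSConnections = 0 means RDP is enabled;
# UserAuthentication = 1 means Network Level Authentication (NLA) is required.
$tsKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpOn = (Get-ItemProperty $tsKey).fDenyTSConnections -eq 0
$nlaOn = (Get-ItemProperty "$tsKey\WinStations\RDP-Tcp").UserAuthentication -eq 1

$ramGB  = [math]::Round($cs.TotalPhysicalMemory / 1GB, 1)
$freeGB = [math]::Round($disk.FreeSpace / 1GB, 1)

$results = @(
    # Version 6.1 with a ProductType other than 1 (workstation) is Windows Server 2008 R2.
    New-Check 'Windows Server 2008 R2' $os.Caption ($os.Version -like '6.1.*' -and $os.ProductType -ne 1)
    New-Check '64-bit processor'       "$($cpu.AddressWidth)-bit" ($cpu.AddressWidth -eq 64)
    New-Check '2.66 GHz or higher'     "$($cpu.MaxClockSpeed) MHz" ($cpu.MaxClockSpeed -ge 2660)
    New-Check '2 network cards'        "$($nics.Count) with IP" ($nics.Count -ge 2)
    # 3.9 rather than 4.0 allows for memory reserved by hardware.
    New-Check '4 GB of RAM'            "$ramGB GB" ($ramGB -ge 3.9)
    New-Check '40 GB free disk space'  "$freeGB GB free on C:" ($freeGB -ge 40)
    New-Check 'Administrative rights'  $id.Name $isAdmin
    # Fails only when RDP is enabled without NLA; an enabled RDP is still a decision to review.
    New-Check 'Remote Desktop exposure' "enabled=$rdpOn, NLA required=$nlaOn" (-not $rdpOn -or $nlaOn)
)

$results | Select-Object Item, Actual, Pass | Format-Table -AutoSize
```

Run it from an elevated PowerShell prompt on the server; any row with Pass set to False is a checklist item to resolve before installation.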