Microsoft Forefront UAG 2010 Administrator's Handbook

By: Erez Ben-Ari, Ran Dolev, Erez Y Ben
Overview of this book

Microsoft Forefront Unified Access Gateway (UAG) is the latest in a line of Application Publishing (Reverse Proxy) and Remote Access (VPN) Server products. The broad set of features and technologies integrated into UAG makes for a steep learning curve. Understanding all the features and abilities of UAG is a complex task that can be daunting even to experienced networking and security engineers. This book is the first to be dedicated solely to Microsoft Forefront UAG. It guides you step-by-step through all the stages of deployment, from design to troubleshooting. Written by the absolute experts who have taken part in the product’s development, official training and support, this book covers all the primary features of UAG in a friendly style and a manner that is easy to follow. It takes you from the initial planning and design stage, through deployment and configuration, up to maintenance and troubleshooting. The book starts by introducing UAG's features and abilities, and how your organization can benefit from them. It then goes on to guide you through planning and designing the integration of the product into your own unique environment. Further, the book guides you through the process of publishing the various applications, servers and resources, from simple web applications to complex client/server-based applications. It also details the various VPN technologies that UAG provides and how to take full advantage of them. The later chapters of the book cover common routine “upkeep” tasks like monitoring, backup and troubleshooting of common issues. Finally, the book includes an introduction to ASP, which some of the product's features are based on, and which can help the advanced administrator with enhancing and customizing the product.

Hardware requirements


Since UAG is installed on top of Windows Server 2008 R2, its hardware requirements come in addition to those of R2. The primary requirements for R2 are a 64-bit processor and 32 GB of free disk space, and those are easy enough to get these days. UAG's minimal requirements are a dual-core processor running at 2.66 GHz or faster, 4 GB of memory, and an extra 2.5 GB of disk space.

In reality, UAG can run on weaker systems, so if you just need to install it temporarily for a proof-of-concept or for training purposes, you could get away with a lot less (though installing it on a Commodore-64 is really taking it too far). For production environments, the stronger the better, especially with memory size, as going with the bare minimum may limit the number of concurrent users the server can handle.

If you were hoping to learn here how many concurrent users the server can support, you're in for a disappointment. While some other server software has a very linear model for client support, UAG's performance varies significantly by the type of applications that are published and the way users use them. For example, RDP applications transfer a lot of data back and forth between the client and the target internal server, so that would put more stress on the UAG server compared to a typical intranet, mostly-text web portal. The only way to know with a reasonable amount of certainty how many users your server can support is with a baseline performance analysis. That would include analyzing typical user activity and simulating multiple users in a test environment, while using the built-in Performance Monitor to see how things are going. Doing performance analysis is not easy, and there's always a risk of miscalculating, but be wary of skipping this just because a salesperson claims your server can support "thousands" or "millions" of users. We have seen quite a few deployments where the customer found out too late that they required more servers, and that was not only costly, but also quite frustrating and embarrassing to all parties involved.

We already mentioned the networking requirements earlier, but they are worth repeating. A UAG server is a router, and as such, needs two network cards. If you are deploying on a virtual machine, this is rather easy, but if it's a physical server, make sure you have two real NICs in place. There's no harm in having additional cards, although one must carefully plan the IP, mask and gateway settings so as not to arrive at a configuration that prevents the routing mechanisms of TMG from making the correct decisions about where to send packets and from blocking dangerous or inappropriate traffic.
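
The minimums and the two-NIC requirement above can be checked on a candidate server before running setup. The script below is an added example, not from the book or from Microsoft. It assumes Windows Server 2008 R2 is already installed (so only the extra 2.5 GB is checked), that UAG will go on the system drive, and it treats more than one default gateway as something to review, which is a common multi-homed practice rather than a rule stated here.

```powershell
# Added example: pre-install check against the minimums quoted in this section.
# Assumptions: R2 is already installed, UAG goes on the system drive,
# PowerShell 2.0 or later (WMI cmdlets only).
$results = @()
function Add-Check($name, $actual, $required, $pass) {
    $script:results += New-Object PSObject -Property @{
        Check = $name; Actual = $actual; Required = $required; Pass = $pass }
}

# CPU: 64-bit, dual-core or better, 2.66 GHz or faster (MaxClockSpeed is in MHz)
$cpu   = @(Get-WmiObject Win32_Processor)
$cores = ($cpu | Measure-Object NumberOfCores -Sum).Sum
$mhz   = ($cpu | Measure-Object MaxClockSpeed -Maximum).Maximum
Add-Check 'CPU address width' "$($cpu[0].AddressWidth)-bit" '64-bit' ($cpu[0].AddressWidth -eq 64)
Add-Check 'CPU cores'         $cores                        '>= 2'   ($cores -ge 2)
Add-Check 'CPU clock (MHz)'   $mhz                          '>= 2660' ($mhz -ge 2660)

# Memory: 4 GB. Rounded to whole GB because firmware reserves a little of it.
$memGB = [math]::Round((Get-WmiObject Win32_ComputerSystem).TotalPhysicalMemory / 1GB)
Add-Check 'Memory (GB)' $memGB '>= 4' ($memGB -ge 4)

# Disk: an extra 2.5 GB free on top of the existing R2 installation
$disk   = Get-WmiObject Win32_LogicalDisk -Filter "DeviceID='$env:SystemDrive'"
$freeGB = [math]::Round($disk.FreeSpace / 1GB, 1)
Add-Check "Free space on $env:SystemDrive (GB)" $freeGB '>= 2.5' ($freeGB -ge 2.5)

# Network: at least two adapters (virtual NICs in a VM are reported here too)
$nics = @(Get-WmiObject Win32_NetworkAdapter -Filter "PhysicalAdapter=True")
Add-Check 'Network adapters' $nics.Count '>= 2' ($nics.Count -ge 2)

$results | Select-Object Check, Actual, Required, Pass | Format-Table -AutoSize

# Gateway planning: list every adapter that carries a default gateway.
# More than one is flagged for review only (assumption, see lead-in).
$withGw = @(Get-WmiObject Win32_NetworkAdapterConfiguration -Filter "IPEnabled=True" |
            Where-Object { $_.DefaultIPGateway })
$withGw | ForEach-Object {
    "{0}: IP {1}, mask {2}, gateway {3}" -f $_.Description,
        ($_.IPAddress -join ','), ($_.IPSubnet -join ','), ($_.DefaultIPGateway -join ',')
}
if ($withGw.Count -gt 1) {
    Write-Warning "$($withGw.Count) adapters have a default gateway; review the routing plan."
}

# Non-zero exit code if any minimum is not met, so the check can gate a build script
if ($results | Where-Object { -not $_.Pass }) { exit 1 }
```

Passing this check only confirms the stated minimums; it says nothing about how many concurrent users the server will handle, which still needs the baseline analysis described above.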