Microsoft Forefront UAG 2010 Administrator's Handbook

By: Erez Ben-Ari, Ran Dolev, Erez Y Ben

Overview of this book

Microsoft Forefront Unified Access Gateway (UAG) is the latest in a line of Application Publishing (Reverse Proxy) and Remote Access (VPN) Server products. The broad set of features and technologies integrated into UAG makes for a steep learning curve. Understanding all the features and abilities of UAG is a complex task that can be daunting even to experienced networking and security engineers. This book is the first to be dedicated solely to Microsoft Forefront UAG. It guides you step-by-step throughout all the stages of deployment, from design to troubleshooting. Written by the absolute experts who have taken part in the product’s development, official training and support, this book covers all the primary features of UAG in a friendly style and a manner that is easy to follow. It takes you from the initial planning and design stage, through deployment and configuration, up to maintenance and troubleshooting. The book starts by introducing UAG's features and abilities, and how your organization can benefit from them. It then goes on to guide you through planning and designing the integration of the product into your own unique environment. Further, the book guides you through the process of publishing the various applications, servers and resources - from simple web applications to complex client/server based applications. It also details the various VPN technologies that UAG provides and how to take full advantage of them. The later chapters of the book cover common routine “upkeep” tasks such as monitoring, backup and troubleshooting of common issues. Finally, the book includes an introduction to ASP, on which some of the product's features are based, and which can help the advanced administrator with enhancing and customizing the product.
Table of Contents (21 chapters)
Microsoft Forefront UAG 2010 Administrator's Handbook
Credits
About the Authors
About the Reviewers
www.PacktPub.com
Preface
Index

From test to production


For most organizations, a UAG deployment is a lengthy process. Some applications are easy and quick to deploy, but others might take some experimentation and tweaking to get just right. For this reason, most organizations prefer to start by setting up their server in a test or temporary environment, and roll it out to production only at a later point in time. Some organizations even keep a non-production system online on a regular basis as a test platform for new applications, or as a way to verify new service packs or updates to products (including UAG itself) before committing them to the scrutiny of their users.

As we mentioned earlier, it is very important to have the test environment simulate the real world as closely as possible. We have seen many deployments where an administrator tried to conserve resources by having the UAG server use only one NIC and connecting it to both the logical "internal" and "external" networks. We have also seen many cases where the administrator connected UAG's "external" interface to the corporate network, in order to use corporate PCs as test clients. Both of these scenarios are invalid, and can cause failure very early on. Even worse, if things appear to be working out, they can lull the administrator into a false sense of security, and when the server is finally put in the line of fire, things could go sour in a heartbeat.

A single-NIC scenario (where both internal servers and clients interact with UAG from the same side) can be made to work in some cases, but it's not supported by Microsoft, and so should be avoided. A reversed-side scenario is a problem because UAG's firewall, TMG, defines the external network as "dangerous" and limits connectivity from it. Because of that, TMG may block access to the domain controllers, which can not only prevent some applications from working, but also cause some of the fundamental services for UAG and TMG to fail, and ruin the party.
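
The two invalid layouts described above can be caught on paper before the lab is built. The following check is an added example, not code from the book or from UAG: it takes a planned lab described as data and reports the single-NIC, same-side and reversed-side cases. The dictionary layout, the `role` labels and all addresses are assumptions made for illustration.

```python
import ipaddress

def check_lab_topology(nics, domain_controllers, test_clients):
    """Return findings for a planned UAG lab; an empty list means none of
    the layouts the text warns about were detected."""
    findings = []
    nets = {}
    for nic in nics:
        # strict=False accepts the NIC's own address with its prefix length
        nets.setdefault(nic["role"], []).append(
            ipaddress.ip_network(nic["cidr"], strict=False))
    external, internal = nets.get("external", []), nets.get("internal", [])

    if len(nics) < 2 or not external or not internal:
        findings.append("single-NIC: UAG needs separate internal and external adapters")
        return findings
    if any(e.overlaps(i) for e in external for i in internal):
        findings.append("same-side: internal and external adapters share a subnet")

    def on(networks, addr):
        return any(ipaddress.ip_address(addr) in n for n in networks)

    for dc in domain_controllers:
        # TMG limits connectivity from the external network, so a DC there may be blocked
        if on(external, dc):
            findings.append(f"reversed-side: domain controller {dc} is on the external network")
    for client in test_clients:
        # Test clients must reach UAG from the external side, like real users
        if on(internal, client):
            findings.append(f"same-side: test client {client} is on the internal network")
    return findings

# Constructed sample plans (addresses are illustrative, not from the book).
GOOD_LAB = dict(
    nics=[{"role": "internal", "cidr": "10.0.0.5/24"},
          {"role": "external", "cidr": "192.168.50.5/24"}],
    domain_controllers=["10.0.0.10"],
    test_clients=["192.168.50.100"],
)
REVERSED_LAB = dict(
    nics=[{"role": "internal", "cidr": "172.16.0.5/24"},
          {"role": "external", "cidr": "10.0.0.5/24"}],  # plugged into the corporate LAN
    domain_controllers=["10.0.0.10"],
    test_clients=["10.0.0.77"],
)

if __name__ == "__main__":
    for name, plan in (("good", GOOD_LAB), ("reversed", REVERSED_LAB)):
        print(name, check_lab_topology(**plan) or "no findings")
```

A domain controller that sits on a routed subnet behind the internal adapter is not flagged, because only membership in the external adapter's subnet is treated as a finding.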