Microsoft Forefront UAG 2010 Administrator's Handbook

By: Erez Ben-Ari, Ran Dolev, Erez Y Ben

Overview of this book

Microsoft Forefront Unified Access Gateway (UAG) is the latest in a line of Application Publishing (Reverse Proxy) and Remote Access (VPN) Server products. The broad set of features and technologies integrated into UAG makes for a steep learning curve. Understanding all the features and abilities of UAG is a complex task that can be daunting even to experienced networking and security engineers. This book is the first to be dedicated solely to Microsoft Forefront UAG. It guides you step-by-step through all the stages of deployment, from design to troubleshooting. Written by the absolute experts who have taken part in the product’s development, official training and support, this book covers all the primary features of UAG in a friendly style and a manner that is easy to follow. It takes you from the initial planning and design stage, through deployment and configuration, up to maintenance and troubleshooting. The book starts by introducing UAG's features and abilities, and how your organization can benefit from them. It then goes on to guide you through planning and designing the integration of the product into your own unique environment. Further, the book guides you through the process of publishing the various applications, servers and resources - from simple web applications to complex client/server based applications. It also details the various VPN technologies that UAG provides and how to take full advantage of them. The later chapters of the book cover common routine “upkeep” tasks such as monitoring, backup and troubleshooting of common issues. Finally, the book includes an introduction to ASP, on which some of the product's features are based, and which can help the advanced administrator with enhancing and customizing the product.

Tips for a successful deployment


At this point, UAG does not include the ability to manage the server remotely via an MMC add-in, so to manage the server an administrator has to access it physically via the console, or by using Windows Remote Desktop. Naturally, because UAG is a gateway into your network, using RDP to connect to it can be risky. If UAG is hacked into, it might compromise your network more than any regular workstation would, so this should be planned carefully. It's also possible to enable Remote Desktop to the UAG server from outside, as a published application, although we still consider this to be a risky move for the same reasons.

The fact of the matter is that most administrators want to have as many ways as possible to manage their servers, and we need to keep in mind that as we make things easier for ourselves, we usually make them easier for potential attackers as well, often increasing our exposure. For example, you might not allow external access to UAG, but you do publish your own workstation. An attacker who breaks into your workstation this way can then break into UAG from the "inside". Bottom line: to stay as secure as possible, be a little paranoid, and try to resist the temptation to make everything possible remotely. We will discuss Remote Desktop publishing in more detail in Chapter 5.

Deployment checklist

When planning your deployment, use the following checklist to make sure you have prepared for everything:

  • Software requirements met:

    • Virtual Machine or Appliance

    • Windows Server 2008 R2

    • Clean server

    • All available Windows updates installed

    • No additional software installed

    • You have administrative permissions on the server

  • Hardware requirements:

    • 64-bit processor

    • 2.66 GHz or higher

    • 2 Network Cards

    • 4 GB of RAM

    • 40 GB of free disk space

  • IP assignment to server NICs

  • DNS config on server

  • Public DNS mapping is configured correctly

  • Mapped out applications, URLs, Ports and IPs to be published

  • List of clients that will be in use

  • Will you be using HTTP or HTTPS?

  • Server placement - physical and logical

  • Front-end firewall/router config prepared

  • Back-end firewall/router config prepared

  • Will it be Remote management or Local management?

  • Domain membership of the server

  • Deployment schedule
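
The checklist items that can be read from the machine itself can be verified before installation with a short script. This is an added example, not code from the book or from UAG; the function name `Test-UagPrerequisite` and the `-ExpectRdp` switch are hypothetical, and it assumes UAG will be installed on the system drive. It also reports whether Remote Desktop is enabled, so the state of the server can be compared with the remote-versus-local management decision discussed above.

```powershell
# Added example: pre-flight check for the checklist items that can be read from
# the local machine. Get-WmiObject is used so it runs on the PowerShell 2.0 that
# ships with Windows Server 2008 R2.
function Test-UagPrerequisite {          # hypothetical name, not a UAG cmdlet
    param([switch]$ExpectRdp)            # your remote-vs-local management decision

    $os   = Get-WmiObject Win32_OperatingSystem
    $cs   = Get-WmiObject Win32_ComputerSystem
    $cpu  = Get-WmiObject Win32_Processor | Select-Object -First 1
    # Assumption: UAG will be installed on the system drive.
    $disk = Get-WmiObject Win32_LogicalDisk -Filter "DeviceID='$($env:SystemDrive)'"
    $nics = @(Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE')
    $ts   = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $me   = [Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()

    $isAdmin  = $me.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
    # TotalPhysicalMemory excludes hardware-reserved RAM, so round to whole GB.
    $ramGB    = [math]::Round($cs.TotalPhysicalMemory / 1GB)
    $freeGB   = [math]::Round($disk.FreeSpace / 1GB, 1)
    $rdpOn    = ($ts.fDenyTSConnections -eq 0)   # 0 means RDP connections are allowed
    # Version 6.1 is shared with Windows 7; ProductType 1 is a workstation.
    $is2008R2 = ($os.Version -like '6.1.*') -and ($os.ProductType -ne 1)

    $rows = @(
        @('Windows Server 2008 R2',  $is2008R2,                      $os.Caption),
        @('Administrative rights',   $isAdmin,                       $me.Identity.Name),
        @('64-bit processor',        ($cpu.DataWidth -eq 64),        "$($cpu.DataWidth)-bit"),
        @('2.66 GHz or higher',      ($cpu.MaxClockSpeed -ge 2660),  "$($cpu.MaxClockSpeed) MHz"),
        @('2 network cards with IP', ($nics.Count -ge 2),            "$($nics.Count) IP-enabled adapters"),
        @('4 GB of RAM',             ($ramGB -ge 4),                 "$ramGB GB"),
        @('40 GB free disk space',   ($freeGB -ge 40),               "$freeGB GB free on $($env:SystemDrive)"),
        @('RDP matches decision',    ($rdpOn -eq [bool]$ExpectRdp),  "RDP enabled: $rdpOn"),
        # Informational only: domain membership is a design decision, not pass/fail.
        @('Domain membership',       $null,                          "Joined: $($cs.PartOfDomain) ($($cs.Domain))")
    )
    foreach ($r in $rows) {
        New-Object PSObject -Property @{ Check = $r[0]; Pass = $r[1]; Detail = $r[2] } |
            Select-Object Check, Pass, Detail
    }
}

Test-UagPrerequisite | Format-Table -AutoSize
```

Run it on the candidate server, adding `-ExpectRdp` only if you have decided on remote management; a failed "RDP matches decision" row means the server's Remote Desktop setting differs from what you planned.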

Do's and Don'ts for a successful deployment

  • Do analyze your client needs and usage statistics

  • Do prepare ample time to experiment with the product before going into production

  • Do perform baseline performance testing regularly, to avoid surprises at production time

  • Do map your applications' properties and prepare a written plan

  • Do prepare a support plan for your server, as most support calls may be at night or weekends

  • Do consider using an experienced consultant, especially if your deployment involves sensitive material, or is time critical

  • Do plan your routing and networking carefully—it's one of the common causes of failure

  • Don't try to use your server to host other functions or roles

  • Don't fiddle with TMG and IIS configuration before, during, or after installation

  • Don't assume that any and all applications can be published with UAG