Deploying Microsoft® Forefront® Unified Access Gateway 2010

Book description

Plan, design, and deploy Forefront United Access (UAG) with insights straight from the Forefront team at Microsoft. Forefront Unified Access Gateway (UAG)--the evolution of the Microsoft Intelligent Application Gateway (IAG)--delivers a more robust and transparent solution for inbound access from anywhere. This pragmatic guide drills into system components and capabilities, identifies software and hardware requirements, and provides scenario-based advice for planning and design, including policy control and availability and scalability considerations. You'll learn how to plan and deploy an SSL VPN solution for your environment, and how to publish applications through Forefront UAG, including Microsoft Exchange Server, SharePoint(R) 2010, and Windows Server(R) 2008 Remote Desktop Services.

Table of contents

  1. Acknowledgments
    1. With thanks...
    2. From Yuri
    3. From Tom
  2. Introduction
    1. Who Is This Book For?
    2. How Is This Book Organized?
    3. Support for This Book
    4. We Want to Hear from You
  3. 1. Understanding Forefront Unified Access Gateway
    1. From IAG to Forefront UAG
    2. What’s New in Forefront UAG
      1. Improvements for Installation and Deployment
        1. 64-Bit Software Installation
        2. A Pre-Configured Virtual Appliance Option
        3. Enhanced Host-based and Network Firewall
        4. Getting Started Wizard
      2. High Availability and Scalability
      3. UAG as a DirectAccess Server
      4. New Publishing Capabilities
        1. Client/Server Application Publishing
        2. Exchange Services Publishing
        3. SharePoint Publishing
        4. Remote Desktop Gateway Publishing
      5. Remote Access Client VPN Services
      6. Other New Features
    3. When to Use Forefront UAG
    4. Administrator’s Punch List
  4. 2. Planning and Installing Forefront UAG
    1. Planning Forefront UAG Deployment
      1. Corporate Access Model
      2. Name Resolution
        1. Internet Name Resolution
        2. Internal Name Resolution
      3. Public Key Infrastructure
      4. Domain and Workgroup Membership
      5. IPv6 Considerations
      6. External and Internal Firewalls
      7. Fault Tolerance and Load Balancing
      8. Network Access Protection
    2. Hardware Requirements
    3. Software Requirements
      1. Forefront UAG Server Software Requirements
      2. Forefront UAG Client Requirements
    4. Installing Forefront UAG
    5. Configuring Forefront UAG
    6. Deploying a Forefront UAG Array
      1. Requirements
      2. Creating an Array
    7. Administrator’s Punch List
  5. 3. Publishing Applications through Forefront UAG
    1. Understanding the Publishing Mechanism on Forefront UAG
      1. Authentication Repository
      2. Creating a Portal Trunk
      3. Client Experience
    2. Publishing Exchange
    3. Publishing Remote Desktop Services
      1. Why Use Forefront UAG to Publish Remote Desktop Services?
      2. Publishing RemoteApp Programs
      3. Publishing an Administrator-Controlled Remote Desktop
      4. Publishing User-Defined Desktops
    4. Publishing SharePoint
      1. Why Use Forefront UAG as a SharePoint Publishing Solution?
      2. Forefront UAG Web Site Certificate Requirements
      3. Publishing a Simple Windows SharePoint Services 3.0 Web Site
      4. Validating the Configuration
    5. Administrator’s Punch List
  6. 4. Implementing SSL VPN with Forefront UAG
    1. Understanding SSL VPN Options
    2. Planning and Configuring SSTP
      1. Configuring SSTP on Forefront UAG
      2. Client Experience with SSTP
    3. Configuring SSL Network Tunneling
      1. Customizing Network Connector Settings
      2. Client Experience with Network Connector
    4. Administrator’s Punch List
  7. 5. Implementing Forefront UAG with DirectAccess
    1. How DirectAccess Works
      1. DirectAccess Client Connectivity
      2. IPv6 Transition Technologies
      3. The Name Resolution Policy Table (NRPT)
      4. Forefront UAG NAT64/DNS64 and IPv4-Only Corporate Resources
      5. Infrastructure Components of a Forefront UAG DirectAccess Solution
        1. Active Directory Domain Services and Group Policy
        2. Domain Name Services (DNS)
        3. Public Key Infrastructure and Windows Active Directory Certificate Services
        4. Network Location Servers
        5. Certificate Revocation List (CRL) servers
        6. Windows Firewall with Advanced Security and Network Firewalls
        7. Remote Access VPN Servers
      6. DirectAccess Security Considerations
        1. The Bolted-in Corporate Network Client
        2. The Roaming Remote Access VPN Client
        3. The DirectAccess Client
        4. The First Tunnel Issue
        5. What about Split Tunneling?
      7. Summary of the DirectAccess Client Security Model
    2. Forefront UAG 2010 DirectAccess Requirements
    3. Forefront UAG 2010 DirectAccess Configuration Wizard
      1. Running the Forefront UAG DirectAccess Wizard
    4. Administrator’s Punch List
  8. A. About the Authors
    1. Yuri Diogenes
    2. Dr. Thomas W. Shinder
  9. B. Resources for Microsoft Exchange Server and Forefront
  10. C. Windows Server 2008—Resources for Administrators
    1. Also See
  11. About the Authors
  12. Copyright

Product information

  • Title: Deploying Microsoft® Forefront® Unified Access Gateway 2010
  • Author(s): Yuri Diogenes and Dr. Thomas W. Shinder
  • Release date: November 2010
  • Publisher(s): Microsoft Press
  • ISBN: 9780735656758