Microsoft Forefront UAG 2010 Administrator's Handbook电子书

Microsoft Forefront UAG 2010 Administrator's Handbook

Table of Contents

Microsoft Forefront UAG 2010 Administrator's Handbook

Credits

About the Authors

About the Reviewers

www.PacktPub.com

Support files, eBooks, discount offers and more

Why Subscribe?

Free Access for Packt account holders

Instant Updates on New Packt Books

Preface

What this book covers

What you need for this book

Who this book for

UAG versus IAG

What's in the box?

Conventions

Reader feedback

Errata

Piracy

Questions

1. Planning Your Deployment

Basic principles

How UAG works

Software requirements

Hardware requirements

Considerations for placing the server

Planning the networking infrastructure

Domain membership

Planning remote connectivity

Load balancing and high availability

Choosing clients

From test to production

Tips for a successful deployment

Deployment checklist

Do's and Don'ts for a successful deployment

Summary

2. Installing UAG

What the installation contains

Service Packs and updates

Preparing your server

Pre-installation checklist

Preparing the installation files

Installation

Verifying the installation

Running the Getting Started Wizard

Applying updates or Service Packs

Common issues during installation

Post installation issues

Summary

3. UAG Building Blocks

What are trunks and applications?

Types of trunks

Types of applications

Built-in services

Web applications

Client/Server and Legacy

Browser-embedded applications

Terminal Services (TS) / Remote Desktop Services (RDS)

What is URL signing and how does it work?

Designing your trunks, applications, and nesting

Some common applications and the appropriate templates

DNS name resolution

Preparing for an HTTPS trunk

Asymmetric encryption

Digital certificates

Creating an HTTPS trunk

Publishing an HTTP trunk

What happens when you add a trunk?

Summary

4. Publishing Web Applications

The four steps to application publishing

Application specific hostname applications versus Portal hostname applications

The Add Application Wizard

Application order

Considerations for Exchange publishing

Considerations for SharePoint publishing

Different internal and external names

Same internal and external FQDN names but different protocols

Same internal and external names and protocols

Sharepoint and IE security enhancements

What is the Active Directory Federation Services 2.0 application?

Certificate validation for published web servers

Did you remember to activate?

Summary

5. Advanced Applications and Services

Advanced application types

Remote connectivity

Configuring browser embedded applications

Configuring client/server applications

Enhanced Generic Client Applications

Enhanced HAT

Generic HTTP Proxy Enabled Client Application

Generic SOCKS Enabled Client Application

Citrix Program Neighborhood (Direct)

Outlook (corporate/workgroup mode)

SSL Application Tunneling component automatic disconnection

Local Drive Mapping

Remote Network Access

SSL Network Tunneling (Network Connector)

Planning for Network Connector

Adding Network Connector to the portal

Configuring the Network Connector server

Activating and testing the Network Connector

Network Connector disconnecting?

SSTP

Remote Desktop applications

Remote Desktop RDG templates

Remote Desktop—predefined and user defined

Remote Desktop considerations

File Access

Preparing to Publish File Access

Configuring File Access Domains, Servers, and Shares

Using File Access

More fun with File Access

Summary

6. Authenticating and Controlling Access

UAG session and authentication concepts

The basic authentication flow

Trunk level authentication settings

Authentication servers

RADIUS

RSA SecurID

WinHTTP

Authentication server of the type "Other"

Smart card/client certificate authentication

Special handling for MS Office Rich Clients

Application level authentication settings

Handling form based authentication to backend applications

Kerberos constrained delegation

Application authorization settings

Local groups

AD FS 2.0

Requirements and limitations for AD FS 2.0 in UAG

Configuring the AD FS 2.0 authentication server in UAG

Additional configuration steps on the AD FS 2.0 server

Summary

7. Configuring UAG Clients

What are the client components?

Endpoint detection

SSL Application Tunneling component

Socket Forwarding

SSL Network Tunneling component

Endpoint Session Cleanup component

Supported platforms

Installing and uninstalling the client components

Preemptive installation of the components

Checking the client components version

The trusted sites list

Don't need the Client components?

Summary

8. Endpoint Policies

What endpoint policies can do and how they work?

How it works?

Endpoint policies access type

Platform specific policies

Assigning endpoint policies

Built-in policies

Choosing or designing the appropriate policies for your organization

Creating policies using the policy editor

Editing policies in script mode

Configuring upload and download settings

Identify by URL

Identify by extension

Identify by size

Configuring restricted zone settings

Certified Endpoints

Integration with Network Access Protection

How does NAP work?

Configuring UAG to use NAP

Summary

9. Server Maintenance and Upkeep

Who needs monitoring?

The UAG activation monitor

The UAG Web Monitor

Monitoring sessions

General

Applications

Endpoint Information

Parameters

Session Statistics

Monitoring applications and users

Monitoring server farms

Monitoring server array members

Event Viewer

Event Query

Configuring UAG event logging

Queue and report size

Built-in

RADIUS and Syslog

Mail

UAG services

UAG and the System Event Log

Publishing the UAG Web Monitor

Live Monitoring using TMG

The Windows Performance Monitor

Running a server trace

Updating the server with Windows Updates

Updating the server with UAG updates

Other updates

Antivirus on the server and other tools

Backing up UAG

Restoring UAG (to itself, and to other servers)

Summary

10. Advanced Configuration

Basic trunk configuration

Advanced configuration overview

The General tab

The Authentication tab

The Session tab

The Application Customization tab

The Portal tab

The URL Inspection tab

Global URL Settings and URL Set tabs

Rule editing and modification

NLB and Arrays

Adding load balancing into the mix

Putting it all together

Summary

11. DirectAccess

What's in it for me?

A little bit of history

How does DirectAccess work?

IPSec and its tunnels

IPv6—what's the big deal?

Hardware considerations

Connecting your server to the Internet

The Network Location Server

More infrastructure considerations

Client connection modes

Setting up the IP-HTTPS public site

DirectAccess name resolution

ISATAP, DNS64, and NAT64

Tunneling mode

DirectAccess Connectivity Assistant

Putting it all together

Wizard Rime

Client and GPO configuration

The DirectAccess Connectivity Assistant

DirectAccess Server configuration

Infrastructure Servers configuration

End-to-End Access configuration

Keeping an eye on the server

Trouble?

Removing DirectAccess

Setup and configuration errors

Whose fault is it?

DCA to the rescue

Server related issues

Client side issues

Transition technology issues

Advanced troubleshooting

Additional resources

Summary

12. Troubleshooting

Whodunnit?

Administrative errors

File Access

SSL Network Tunneling

Certificate problems during activation

Backup and restore

Updating the server

Portal and Trunk issues

Application issues

Common application publishing mishaps

Blocking uploads and downloads

URL limits

Server Performance

Other optimizations

SharePoint issues

SSL tunneling

SSTP

Other server and application issues

Client issues

Client misbehavior

RDS client issues

Misc client issues

Customization issues

General errors

Tracing problems

What's next?

Summary

A. Introduction to RegEx RegEx

Why do I need this?

What are Regular Expressions?

The UAG RegEx RegEx syntax

Literals

Special characters

B. Introduction to ASP

What is ASP, and how does it work?

What can you do with it?

Getting started with ASP

Putting the pieces together

Some more ASP principles

No one likes to repeat himself

So, what's in it for me?

Index