Explore Microsoft Forefront Unified Access Gateway's wide range of features and abilities to publish applications to remote users or partners, and provide remote access to your network with world-class security.

- Maximize your business results by fully understanding how to plan your UAG integration
- Consistently be ahead of the game by taking control of your server with backup and advanced monitoring
- An essential tutorial for new users and a great resource for veterans
- Uncover the advantages and ease of use of DirectAccess, the latest VPN technology from Microsoft
- Packed with detailed explanations of concepts, terms and technologies, with hand-in-hand guidance through the tough parts
- Includes the most up-to-date information, up to and including Service Pack 1 for UAG 2010

In Detail

Microsoft Forefront Unified Access Gateway (UAG) is the latest in a line of application publishing (reverse proxy) and remote access (VPN) server products. The broad set of features and technologies integrated into UAG makes for a steep learning curve. Understanding all the features and abilities of UAG is a complex task that can be daunting even to experienced networking and security engineers.

This book is the first to be dedicated solely to Microsoft Forefront UAG. It guides you step by step through all the stages of deployment, from design to troubleshooting. Written by experts who have taken part in the product's development, official training and support, this book covers all the primary features of UAG in a friendly style and a manner that is easy to follow. It takes you from the initial planning and design stage, through deployment and configuration, up to maintenance and troubleshooting.

The book starts by introducing UAG's features and abilities, and how your organization can benefit from them. It then goes on to guide you through planning and designing the integration of the product into your own unique environment. Further, the book guides you through the process of publishing the various applications, servers and resources, from simple web applications to complex client/server based applications. It also details the various VPN technologies that UAG provides and how to take full advantage of them. The later chapters of the book cover common routine "upkeep" tasks like monitoring, backup and troubleshooting of common issues. Finally, the book includes an introduction to ASP, which some of the product's features are based on, and which can help the advanced administrator with enhancing and customizing the product.

What you will learn from this book

- Understand how UAG can help your organization with secure remote access.
- Plan and design the integration of UAG into your unique environment.
- Create trunks and publish all kinds of applications on them.
- Enable VPN access for multiple platforms.
- Design and implement DirectAccess for your organization.
- Manage endpoint security with advanced policies.
- Monitor, maintain and secure your Microsoft server.
- Integrate UAG with multiple infrastructures and platforms.
- Discover the various types of applications UAG can publish, and how to publish them.
- Learn how to provide remote access to your users or partners using SSL technology.
- Take advantage of single sign-on with low administrative overhead and high security.
- Integrate UAG with existing authentication infrastructure like Active Directory.
- Gain knowledge of advanced endpoint management for ultimate security in a world of unknowns.
- Perform troubleshooting and solve problems like the pros.
- Integrate UAG with AD FS 2.0 for maximum corporate flexibility and security.
- Discover how to publish Microsoft Office SharePoint Server 2007 and 2010 securely.
- Find out how UAG interacts with TMG 2010 (the successor to ISA Server 2006).

Approach

This book is a hands-on guide, describing concepts, ideas and terminology related to UAG and related technologies. The book starts with a discussion of the terms that UAG technology is based on, and proceeds with step-by-step guidance for performing the various tasks related to UAG's core features. Each topic is preceded by a discussion of the considerations that the administrator and the organization need to go through to prepare for the task at hand, and includes plenty of screenshots illustrating what the administrator should expect to see on screen, with real-life examples of configuration options.

Who this book is written for

If you are a networking or security engineer who intends to integrate UAG into the organization's network, then this book is for you. You need no experience with UAG or its predecessors, though a basic understanding of networking and Windows Server management and engineering is required. Experience with security systems like firewalls would also help you to better understand some of the topics covered by this book.
Author(s): Erez Ben-Ari, Ran Dolev
Publisher: Packt Publishing
Year: 2011
Language: English
Pages: 484
Tags: Library;Computer literature;
Cover......Page 1
Copyright......Page 3
Credits......Page 4
About the Authors......Page 5
About the Reviewers......Page 6
www.PacktPub.com......Page 8
Table of Contents......Page 12
Preface......Page 20
Basic principles......Page 30
How UAG works......Page 33
Software requirements......Page 38
Hardware requirements......Page 40
Considerations for placing the server......Page 41
Planning the networking infrastructure......Page 43
Domain membership......Page 44
Planning remote connectivity......Page 45
Load balancing and high availability......Page 46
Choosing clients......Page 48
From test to production......Page 50
Tips for a successful deployment......Page 51
Dos and Don'ts for a successful deployment......Page 52
Summary......Page 53
What the installation contains......Page 54
Preparing your server......Page 55
Preparing the installation files......Page 63
Installation......Page 65
Verifying the installation......Page 67
Running the Getting Started Wizard......Page 69
Applying updates or Service Packs......Page 76
Post-installation issues......Page 77
Summary......Page 80
What are Trunks and Applications?......Page 82
Types of trunks......Page 84
Web Applications......Page 87
Client/Server and Legacy......Page 88
Browser-embedded applications......Page 89
What is URL signing and how does it work?......Page 90
Designing your trunks, applications, and nesting......Page 92
Some common applications and the appropriate templates......Page 94
DNS name resolution......Page 95
Preparing for an HTTPS trunk......Page 97
Digital certificates......Page 98
Creating an HTTPS trunk......Page 102
Publishing an HTTP trunk......Page 108
What happens when you add a trunk?......Page 109
Summary......Page 113
The four steps to application publishing......Page 114
Application specific hostname applications versus Portal hostname applications......Page 115
The Add Application Wizard......Page 117
Application order......Page 132
Considerations for Exchange publishing......Page 133
Considerations for SharePoint publishing......Page 135
Different internal and external names......Page 137
Same internal and external FQDN names but different protocols......Page 139
Same internal and external names and protocols......Page 140
What is the Active Directory Federation Services 2.0 application?......Page 141
Certificate validation for published web servers......Page 142
Summary......Page 143
Advanced application types......Page 144
Remote connectivity......Page 146
Configuring browser embedded applications......Page 148
Configuring client/server applications......Page 153
Enhanced Generic Client Applications......Page 154
Generic HTTP Proxy Enabled Client Application......Page 156
Generic SOCKS Enabled Client Application......Page 157
Citrix Program Neighborhood (Direct)......Page 158
Outlook (corporate/workgroup mode)......Page 159
SSL Application Tunnelling component automatic disconnection......Page 160
Local Drive Mapping......Page 161
Remote Network Access......Page 162
SSL Network Tunnelling (Network Connector)......Page 163
Planning for Network Connector......Page 164
Configuring the Network Connector server......Page 166
Network Connector disconnecting?......Page 174
SSTP......Page 175
Remote Desktop applications......Page 178
Remote Desktop RDG templates......Page 181
Remote Desktop—predefined and user-defined......Page 183
File Access......Page 185
Preparing to Publish File Access......Page 186
Configuring File Access Domains, Servers, and Shares......Page 187
Using File Access......Page 188
More fun with File Access......Page 189
Summary......Page 190
UAG session and authentication concepts......Page 192
The basic authentication flow......Page 193
Trunk level authentication settings......Page 195
Authentication servers......Page 201
RADIUS......Page 202
WinHTTP......Page 203
Authentication server of the type "Other"......Page 204
Smart card/client certificate authentication......Page 205
Special handling for MS Office Rich Clients......Page 207
Application level authentication settings......Page 209
Handling form based authentication to backend applications......Page 213
Kerberos constrained delegation......Page 214
Application authorization settings......Page 219
Local groups......Page 223
Requirements and limitations for AD FS 2.0 in UAG......Page 224
Configuring the AD FS 2.0 authentication server in UAG......Page 226
Additional configuration steps on the AD FS 2.0 server......Page 231
Summary......Page 233
What are the client components?......Page 234
Endpoint detection......Page 235
SSL Application Tunneling component......Page 237
Socket Forwarding......Page 238
SSL Network Tunneling component......Page 239
Supported platforms......Page 240
Installing and uninstalling the client components......Page 241
Pre-emptive installation of the components......Page 243
Checking client components version......Page 244
The trusted sites list......Page 246
Don't need the Client components?......Page 247
Summary......Page 248
What endpoint policies can do, and how they work......Page 250
How does it work?......Page 251
Endpoint policies access type......Page 253
Platform specific policies......Page 255
Assigning endpoint policies......Page 256
Built in policies......Page 257
Choosing or designing the appropriate policies for your organization......Page 260
Creating policies using the policy editor......Page 261
Editing policies in script mode......Page 263
Configuring upload and download settings......Page 267
Identify by extension......Page 269
Identify by size......Page 270
Configuring restricted zone settings......Page 271
Certified Endpoints......Page 273
Integration with Network Access Protection......Page 275
How does NAP work?......Page 276
Configuring UAG to use NAP......Page 277
Summary......Page 280
Who needs monitoring?......Page 282
The UAG activation monitor......Page 283
The UAG Web Monitor......Page 284
Monitoring sessions......Page 285
Applications......Page 286
Parameters......Page 287
Session Statistics......Page 288
Monitoring applications and users......Page 289
Monitoring server farms......Page 290
Monitoring server array members......Page 291
Event Viewer......Page 292
Configuring UAG event logging......Page 293
RADIUS and Syslog......Page 294
Mail......Page 295
UAG services......Page 296
UAG and the System Event Log......Page 298
Live Monitoring using TMG......Page 300
The Windows Performance Monitor......Page 303
Updating the server with Windows Updates......Page 307
Updating the server with UAG updates......Page 308
Antivirus on the server and other tools......Page 309
Backing up UAG......Page 311
Restoring UAG (to itself, and to other servers)......Page 313
Summary......Page 314
Basic trunk configuration......Page 316
Advanced configuration overview......Page 318
The General tab......Page 319
The Authentication tab......Page 322
The Session tab......Page 323
The Application Customization tab......Page 327
The Portal tab......Page 331
The URL Inspection tab......Page 334
The Global URL Settings and URL Set tabs......Page 336
Rule editing and modification......Page 340
NLB and Arrays......Page 342
Adding load balancing into the mix......Page 347
Putting it all together......Page 349
Summary......Page 351
What's in it for me?......Page 352
A little bit of history......Page 353
How does DirectAccess work?......Page 354
IPv6—what's the big deal?......Page 355
Hardware considerations......Page 358
The Network Location Server......Page 360
Client connection modes......Page 363
Setting up the IP-HTTPS public site......Page 366
DirectAccess name resolution......Page 368
ISATAP, DNS64 and NAT64......Page 370
DirectAccess Connectivity Assistant......Page 373
Putting it all together......Page 374
Wizard Time......Page 377
Client and GPO configuration......Page 378
The Direct Access Connectivity Assistant......Page 380
DirectAccess Server configuration......Page 383
Infrastructure Servers configuration......Page 387
End-to-End Access configuration......Page 391
Keeping an eye on the server......Page 397
Trouble?......Page 398
Removing DirectAccess......Page 399
Setup and configuration errors......Page 400
Whose fault is it?......Page 402
DCA to the rescue......Page 403
Server related issues......Page 404
Client side issues......Page 408
Transition technology issues......Page 409
Advanced troubleshooting......Page 413
Summary......Page 414
Whodunnit?......Page 416
Administrative errors......Page 417
Certificate problems during activation......Page 418
Updating the server......Page 419
Portal and Trunk issues......Page 420
Common application publishing mishaps......Page 421
Blocking uploads and downloads......Page 423
URL limits......Page 425
Server Performance......Page 429
Other optimizations......Page 431
SharePoint issues......Page 432
SSL tunneling......Page 434
Other server and application issues......Page 436
Client issues......Page 438
RDS client issues......Page 442
Misc client issues......Page 444
General errors......Page 446
What's next?......Page 453
Summary......Page 455
Why do I need this?......Page 456
Literals......Page 457
Special characters......Page 458
What is ASP, and how does it work?......Page 462
Getting started with ASP......Page 463
Putting the pieces together......Page 464
Some more ASP principles......Page 466
No one likes to repeat himself......Page 468
So, what's in it for ME?......Page 469
Index......Page 470