2. Agenda
  - User Experience
  - UAG Usage
  - Forefront UAG architecture
  - UAG 2010: Support boundaries
  - UAG Access Model
  - Windows 2012 Direct Access And UAG
  - UAG Publishing

3. User Experience

4. User Experience - SharePoint WorkSpace Mobile

5. A Good Reason To Talk About UAG

6. UAG Usage
  [Diagram labels: Allow anywhere access; Integration with SSTP; DirectAccess; Portal; Endpoint compliance scan; Allow integration with NAP; Customization]
  - Forefront UAG is used only for inbound access control

7. Forefront UAG architecture
  Image from: Deploying Microsoft Forefront Unified Access Gateway 2010, Microsoft Press

8. What's New In UAG
  - 64-Bit Software
  - Enhanced Host-based and Network Firewall
  - Multi-Server Arrays
  - Network Load Balancing
  - UAG and DirectAccess
  - Publishing Capabilities
  - Remote Access Client VPN Services

9. Forefront UAG Service Pack 3: What's New

10. UAG 2010: Support boundaries - Direct Access
  http://technet.microsoft.com/en-us/library/ee522953.aspx
  You can use Forefront UAG as a publishing server, creating trunks to publish corporate applications for access by remote client endpoints either directly, or via a Web portal. In addition, you can deploy Forefront UAG as a DirectAccess server, to extend the benefits of Windows DirectAccess across your infrastructure, providing transparent access for DirectAccess clients. Note the following:
  - A single server can be configured as both a Forefront UAG publishing server, and as a Forefront UAG DirectAccess server
  - An array can consist of Forefront UAG servers that act as both remote access publishing servers, and as Forefront UAG DirectAccess servers
  - You cannot publish the Network Connector application when Forefront UAG is configured as a DirectAccess server.

11. UAG 2010: Support boundaries - Network adapters
  http://technet.microsoft.com/en-us/library/ee522953.aspx
  - Forefront UAG supports configuration of two networks: internal and external.
  - Connecting to different switches for network redundancy is supported, providing that both are defined as part of the internal or external network
  - Using Forefront TMG running on the Forefront UAG server to provide multiple network routing is not supported
  - Deployment with a single network adapter is not supported

12. UAG 2010: Support boundaries - Forefront TMG running on Forefront UAG
  http://technet.microsoft.com/en-us/library/ee522953.aspx
  By default, Forefront Threat Management Gateway (TMG) is installed during Forefront Unified Access Gateway (UAG) Setup. Forefront TMG is installed as a complete product, and is not modified to run on a Forefront UAG server.
  Forefront UAG uses Forefront TMG, as follows:
  - Forefront TMG acts as a firewall, protecting the Forefront UAG server
  - Forefront UAG uses Forefront TMG infrastructure and functionality in some deployment and monitoring scenarios

13. Forefront UAG client devices
  http://technet.microsoft.com/en-US/library/dd920232.aspx
  Internet Explorer version:
  - Internet Explorer 6
  - Internet Explorer 7
  - Internet Explorer 8
  - Internet Explorer 9
  - Internet Explorer 10 (64-bit)
  - Internet Explorer 10 (32-bit)
  Non-Internet Explorer browser:
  - Firefox 2.0.x
  - Firefox 3.0.x
  - Firefox 3.5.x
  - Firefox 4
  - Firefox 10
  - Firefox 11
  - Safari 3.2.x
  - Safari 4.0.x
  - Safari 5.0.x
  - Opera 9
  Mobile browser support - Mobile operating system support - Browser version:
  - Windows RT
  - Windows Phone 7, Windows Phone 7.5, Windows Phone 8
  - Windows Mobile 2005 for Pocket PC; Windows Mobile 6; Windows Mobile 6.5
  - iPhone version 3.0.x
  - iOS: 4.x and 5.x on iPhone and iPad
  - Android: Phone 2.3; Tablet 3.0; Phone 4.0; Tablet 4.0
  - Nokia: S60 3rd edition, S60 3rd edition Feature Pack 2, S60 5th edition

14. Windows 2012 Direct Access And UAG
  - UAG features for DirectAccess have been rolled into Server 2012
  - Side-by-Side Migration of Forefront UAG DirectAccess: http://technet.microsoft.com/en-us/library/hh831623.aspx

15. UAG Access Model
  [Diagram labels: Web Applications; Reverse Proxy and Portal; Non Web Based Applications; Port Forwarding; SSTP or Network Connector; VPN; Direct Access; Transparent Remote Access]

16. UAG Standalone Or Domain Member?
  - UAG can be deployed as either a domain member or a workgroup member
  - Scenarios that REQUIRE domain membership:
    - SSTP VPN connection
    - Certificate based authentication
    - File server access

17. Fault Tolerance and Load Balancing
  - A Forefront UAG server array is configured as, and acts like, a single logical Forefront UAG server
  - Configuration is performed once, at the array manager, and then is distributed automatically to all the array members
  - Forefront UAG is integrated with Network Load Balancing
  - Do not configure NLB on the Forefront UAG server in the Windows Network Load Balancing console
  - Alternative: external load balancer (check for compliance with Direct Access)

18. UAG Requirements
  - The minimum hardware requirements are as follows:
    - 2.66 GHz, Dual core CPU
    - 4 GB memory and 2.5 GB of free disk space
    - Two network adapters
  - There is no official sizing guide for UAG
  - Reserve enough disk space for the logs

19. UAG Publishing
  - Access to our applications and resources for people coming from different locations, and from different devices
  - Single web application or a Forefront UAG portal (that consolidates multiple resources in a single gateway)

20. Publishing Portals
  - All applications that you want to publish through Forefront UAG need to be part of a portal

21. Publishing Trunks
  UAG establishes:
  - A series of rules
  - A website in IIS
  - A listener in TMG

22. Multiple Trunks
  - A UAG server can contain multiple trunks, depending on how many IP addresses are assigned to its external interface
  - At any point, an administrator can add IP addresses to the external NIC of the UAG server, add public DNS mappings to these addresses, and add more trunks

23. UAG Applications
  - An "application" for UAG is a collection of settings and rules that determine how UAG publishes a certain internal website or application

24. Types Of Applications
  - Over 40 templates
  - Built-in services
  - Web (applications)
  - Client/Server and Legacy
  - Remote Network Access -> Full VPN
  - Browser-embedded XenApp
  - Terminal Services and Remote Desktop

25. HAT and AAM
  - Host Address Translation (HAT) to publish internal servers with no FQDN resolvable on the external networks
  - Publish multiple servers from within the organization, all on a single IP and port
  - SharePoint has a feature called Alternate Access Mappings (AAM) that modifies the URLs before they are sent to UAG

26. Portal And Direct connection
  Portal:
  - We are able to create a web portal to act as a gateway
  - Applications will be published in the portal
  Direct connection:
  - We can publish a web application with a public FQDN

27. Authentication Repository
  - External users are authenticated against a variety of authentication directories

28. Creating a Portal
  DEMO

29. Publishing SharePoint

30. Publishing SharePoint
  DEMO

31. Publishing Exchange
  - Outlook Web App
  - Outlook Anywhere (RPC-over-HTTPS)
  - ActiveSync
  - Configure Exchange publishing:
    - As a normal application
    - Directly during the process of creating a trunk (Create Trunk Wizard)

32. Remote Connectivity
  - Network Connector
    - Listens and tunnels ALL traffic into the internal network
  - Secure Socket Tunneling Protocol
    - SSTP is a Windows Server feature that is new to Windows Server 2008
    - On the client side, the SSTP "client" is also built-in
    - UAG adds client auto-configuration
  - DirectAccess

33. Publishing remote network access with SSTP
  DEMO

34. Remote Desktop
  - RemoteApp
    - Configure the RemoteApp on your Terminal Server
    - Export the RemoteApp configuration as a TSPUB
    - Make it available to UAG
  - Remote Desktop (Predefined)
  - Remote Desktop (User Defined)

35. Publishing File Access and Local Drive Mapping applications
  DEMO

36. Client Components
  - The UAG client components are automatically installed on a computer that connects to the UAG portal:
    - Endpoint detection
    - They contain the SSL tunneling components
    - Endpoint Session Cleanup component, which cleans up the user's system after a session has ended

37. Q&A
  All the material for this session is at http://www.communitydays.it/#CDays13