Microsoft Forefront UAG 2010 Administrator's Handbook -- Table of Contents -- Microsoft Forefront UAG 2010 Administrator's Handbook -- Credits -- About the Authors -- About the Reviewers -- www.PacktPub.com -- Support files, eBooks, discount offers and more -- Why Subscribe? -- Free Access for Packt account holders -- Instant Updates on New Packt Books -- Preface -- What this book covers -- What you need for this book -- Who this book for -- UAG versus IAG -- What's in the box? -- Conventions -- Reader feedback -- Errata -- Piracy -- Questions -- 1. Planning Your Deployment -- Basic principles -- How UAG works -- Software requirements -- Hardware requirements -- Considerations for placing the server -- Planning the networking infrastructure -- Domain membership -- Planning remote connectivity -- Load balancing and high availability -- Choosing clients -- From test to production -- Tips for a successful deployment -- Deployment checklist -- Do's and Don'ts for a successful deployment -- Summary -- 2. Installing UAG -- What the installation contains -- Service Packs and updates -- Preparing your server -- Pre-installation checklist -- Preparing the installation files -- Installation -- Verifying the installation -- Running the Getting Started Wizard -- Applying updates or Service Packs -- Common issues during installation -- Post installation issues -- Summary -- 3. UAG Building Blocks -- What are trunks and applications? -- Types of trunks -- Types of applications -- Built-in services -- Web applications -- Client/Server and Legacy -- Browser-embedded applications -- Terminal Services (TS) / Remote Desktop Services (RDS) -- What is URL signing and how does it work? -- Designing your trunks, applications, and nesting -- Some common applications and the appropriate templates -- DNS name resolution -- Preparing for an HTTPS trunk.

Asymmetric encryption -- Digital certificates -- Creating an HTTPS trunk -- Publishing an HTTP trunk -- What happens when you add a trunk? -- Summary -- 4. Publishing Web Applications -- The four steps to application publishing -- Application specific hostname applications versus Portal hostname applications -- The Add Application Wizard -- Application order -- Considerations for Exchange publishing -- Considerations for SharePoint publishing -- Different internal and external names -- Same internal and external FQDN names but different protocols -- Same internal and external names and protocols -- Sharepoint and IE security enhancements -- What is the Active Directory Federation Services 2.0 application? -- Certificate validation for published web servers -- Did you remember to activate? -- Summary -- 5. Advanced Applications and Services -- Advanced application types -- Remote connectivity -- Configuring browser embedded applications -- Configuring client/server applications -- Enhanced Generic Client Applications -- Enhanced HAT -- Generic HTTP Proxy Enabled Client Application -- Generic SOCKS Enabled Client Application -- Citrix Program Neighborhood (Direct) -- Outlook (corporate/workgroup mode) -- SSL Application Tunneling component automatic disconnection -- Local Drive Mapping -- Remote Network Access -- SSL Network Tunneling (Network Connector) -- Planning for Network Connector -- Adding Network Connector to the portal -- Configuring the Network Connector server -- Activating and testing the Network Connector -- Network Connector disconnecting? -- SSTP -- Remote Desktop applications -- Remote Desktop RDG templates -- Remote Desktop-predefined and user defined -- Remote Desktop considerations -- File Access -- Preparing to Publish File Access -- Configuring File Access Domains, Servers, and Shares -- Using File Access.

More fun with File Access -- Summary -- 6. Authenticating and Controlling Access -- UAG session and authentication concepts -- The basic authentication flow -- Trunk level authentication settings -- Authentication servers -- RADIUS -- RSA SecurID -- WinHTTP -- Authentication server of the type "Other" -- Smart card/client certificate authentication -- Special handling for MS Office Rich Clients -- Application level authentication settings -- Handling form based authentication to backend applications -- Kerberos constrained delegation -- Application authorization settings -- Local groups -- AD FS 2.0 -- Requirements and limitations for AD FS 2.0 in UAG -- Configuring the AD FS 2.0 authentication server in UAG -- Additional configuration steps on the AD FS 2.0 server -- Summary -- 7. Configuring UAG Clients -- What are the client components? -- Endpoint detection -- SSL Application Tunneling component -- Socket Forwarding -- SSL Network Tunneling component -- Endpoint Session Cleanup component -- Supported platforms -- Installing and uninstalling the client components -- Preemptive installation of the components -- Checking the client components version -- The trusted sites list -- Don't need the Client components? -- Summary -- 8. Endpoint Policies -- What endpoint policies can do and how they work? -- How it works? -- Endpoint policies access type -- Platform specific policies -- Assigning endpoint policies -- Built-in policies -- Choosing or designing the appropriate policies for your organization -- Creating policies using the policy editor -- Editing policies in script mode -- Configuring upload and download settings -- Identify by URL -- Identify by extension -- Identify by size -- Configuring restricted zone settings -- Certified Endpoints -- Integration with Network Access Protection -- How does NAP work? -- Configuring UAG to use NAP.

Summary -- 9. Server Maintenance and Upkeep -- Who needs monitoring? -- The UAG activation monitor -- The UAG Web Monitor -- Monitoring sessions -- General -- Applications -- Endpoint Information -- Parameters -- Session Statistics -- Monitoring applications and users -- Monitoring server farms -- Monitoring server array members -- Event Viewer -- Event Query -- Configuring UAG event logging -- Queue and report size -- Built-in -- RADIUS and Syslog -- Mail -- UAG services -- UAG and the System Event Log -- Publishing the UAG Web Monitor -- Live Monitoring using TMG -- The Windows Performance Monitor -- Running a server trace -- Updating the server with Windows Updates -- Updating the server with UAG updates -- Other updates -- Antivirus on the server and other tools -- Backing up UAG -- Restoring UAG (to itself, and to other servers) -- Summary -- 10. Advanced Configuration -- Basic trunk configuration -- Advanced configuration overview -- The General tab -- The Authentication tab -- The Session tab -- The Application Customization tab -- The Portal tab -- The URL Inspection tab -- Global URL Settings and URL Set tabs -- Rule editing and modification -- NLB and Arrays -- Adding load balancing into the mix -- Putting it all together -- Summary -- 11. DirectAccess -- What's in it for me? -- A little bit of history -- How does DirectAccess work? -- IPSec and its tunnels -- IPv6-what's the big deal? -- Hardware considerations -- Connecting your server to the Internet -- The Network Location Server -- More infrastructure considerations -- Client connection modes -- Setting up the IP-HTTPS public site -- DirectAccess name resolution -- ISATAP, DNS64, and NAT64 -- Tunneling mode -- DirectAccess Connectivity Assistant -- Putting it all together -- Wizard Rime -- Client and GPO configuration -- The DirectAccess Connectivity Assistant.

DirectAccess Server configuration -- Infrastructure Servers configuration -- End-to-End Access configuration -- Keeping an eye on the server -- Trouble? -- Removing DirectAccess -- Setup and configuration errors -- Whose fault is it? -- DCA to the rescue -- Server related issues -- Client side issues -- Transition technology issues -- Advanced troubleshooting -- Additional resources -- Summary -- 12. Troubleshooting -- Whodunnit? -- Administrative errors -- File Access -- SSL Network Tunneling -- Certificate problems during activation -- Backup and restore -- Updating the server -- Portal and Trunk issues -- Application issues -- Common application publishing mishaps -- Blocking uploads and downloads -- URL limits -- Server Performance -- Other optimizations -- SharePoint issues -- SSL tunneling -- SSTP -- Other server and application issues -- Client issues -- Client misbehavior -- RDS client issues -- Misc client issues -- Customization issues -- General errors -- Tracing problems -- What's next? -- Summary -- A. Introduction to RegEx RegEx -- Why do I need this? -- What are Regular Expressions? -- The UAG RegEx RegEx syntax -- Literals -- Special characters -- B. Introduction to ASP -- What is ASP, and how does it work? -- What can you do with it? -- Getting started with ASP -- Putting the pieces together -- Some more ASP principles -- No one likes to repeat himself -- So, what's in it for me? -- Index.