
Forefront Unified Access Gateway 2010: An Introduction To Enterprise Features

Date post: 20-Nov-2014
Upload: fabrizio-volpe
Description:
A short introduction to UAG and its features. VPN, Direct Access and Publishing are the main topics. System requirements and hints for a successful deployment are given during the talk.
ITP03 - Forefront Unified Access Gateway 2010: An Introduction To Enterprise Features
#CDays13 – 27 and 28 February 2013
Fabrizio Volpe, MVP Directory Services, MCITP Windows 2008 - Lync 2010
@Fabriziovlp http://www.linkedin.com/in/fabriziov
Transcript
  • 1. Thanks to the Sponsors
  • 2. Agenda
      - User Experience
      - UAG Usage
      - Forefront UAG architecture
      - UAG 2010: Support boundaries
      - UAG Access Model
      - Windows 2012 Direct Access And UAG
      - UAG Publishing
  • 3. User Experience
  • 4. User Experience - SharePoint WorkSpace Mobile
  • 5. A Good Reason To Talk About UAG
  • 6. UAG Usage
      - Allow anywhere access
      - Integration with SSTP
      - DirectAccess
      - Forefront UAG is used only for inbound access control
      - Portal Customization
      - Endpoint compliance scan
      - Allow integration with NAP
  • 7. Forefront UAG architecture (image from: Deploying Microsoft Forefront Unified Access Gateway 2010, Microsoft Press)
  • 8. What's New In UAG
      - 64-Bit Software
      - Enhanced Host-based and Network Firewall
      - Multi-Server Arrays
      - Network Load Balancing
      - UAG and DirectAccess
      - Publishing Capabilities
      - Remote Access Client VPN Services
  • 9. Forefront UAG Service Pack 3: What's New
  • 10. UAG 2010: Support boundaries - Direct Access (http://technet.microsoft.com/en-us/library/ee522953.aspx)
    You can use Forefront UAG as a publishing server, creating trunks to publish corporate applications for access by remote client endpoints either directly, or via a Web portal. In addition, you can deploy Forefront UAG as a DirectAccess server, to extend the benefits of Windows DirectAccess across your infrastructure, providing transparent access for DirectAccess clients. Note the following:
      - A single server can be configured as both a Forefront UAG publishing server, and as a Forefront UAG DirectAccess server
      - An array can consist of Forefront UAG servers that act as both remote access publishing servers, and as Forefront UAG DirectAccess servers
      - You cannot publish the Network Connector application when Forefront UAG is configured as a DirectAccess server
  • 11. UAG 2010: Support boundaries - Network adapters (http://technet.microsoft.com/en-us/library/ee522953.aspx)
    Forefront UAG supports configuration of two networks: internal and external.
      - Connecting to different switches for network redundancy is supported, providing that both are defined as part of the internal or external network
      - Using Forefront TMG running on the Forefront UAG server to provide multiple network routing is not supported
      - Deployment with a single network adapter is not supported
  • 12. UAG 2010: Support boundaries - Forefront TMG running on Forefront UAG (http://technet.microsoft.com/en-us/library/ee522953.aspx)
    By default, Forefront Threat Management Gateway (TMG) is installed during Forefront Unified Access Gateway (UAG) Setup. Forefront TMG is installed as a complete product, and is not modified to run on a Forefront UAG server. Forefront UAG uses Forefront TMG, as follows:
      - Forefront TMG acts as a firewall, protecting the Forefront UAG server
      - Forefront UAG uses Forefront TMG infrastructure and functionality in some deployment and monitoring scenarios
  • 13. Forefront UAG client devices (http://technet.microsoft.com/en-US/library/dd920232.aspx)
      - Internet Explorer version: Internet Explorer 6; Internet Explorer 7; Internet Explorer 8; Internet Explorer 9; Internet Explorer 10 (64-bit); Internet Explorer 10 (32-bit)
      - Non-Internet Explorer browser version: Firefox 2.0.x; Firefox 3.0.x; Firefox 3.5.x; Firefox 4; Firefox 10; Firefox 11; Safari 3.2.x; Safari 4.0.x; Safari 5.0.x; Opera 9
      - Mobile browser support (mobile operating system): Windows RT; Windows Phone 7, Windows Phone 7.5, Windows Phone 8; Windows Mobile 2005 for Pocket PC; Windows Mobile 6; Windows Mobile 6.5; iPhone version 3.0.x; iOS: 4.x and 5.x on iPhone and iPad; Android: Phone 2.3; Tablet 3.0; Phone 4.0; Tablet 4.0; Nokia: S60 3rd edition, S60 3rd edition, Feature Pack 2, S60 5th edition
  • 14. Windows 2012 Direct Access And UAG
      - UAG features for DirectAccess have been rolled into Server 2012
      - Side-by-Side Migration of Forefront UAG DirectAccess: http://technet.microsoft.com/en-us/library/hh831623.aspx
  • 15. UAG Access Model
      - Web Applications: Reverse Proxy And Portal
      - Non Web Based Applications: Port Forwarding
      - Vpn: SSTP or Network Connector
      - Direct Access: Transparent Remote Access
  • 16. UAG Standalone Or Domain Member?
    UAG can be deployed as either a domain member or a workgroup member. Scenarios that REQUIRE domain membership:
      - SSTP VPN connection
      - Certificate based authentication
      - File server access
  • 17. Fault Tolerance and Load Balancing
      - A Forefront UAG server array is configured as, and acts like, a single logical Forefront UAG server
      - Configuration is performed once, at the array manager, and then is distributed automatically to all the array members
      - Forefront UAG is integrated with Network Load Balancing
      - Do not configure NLB on the Forefront UAG server in the Windows Network Load Balancing console
      - Alternative: external load balancer (check for compliance with Direct Access)
  • 18. UAG Requirements
    The minimum hardware requirements are as follows:
      - 2.66 GHz, Dual core CPU
      - 4 GB memory and 2.5 GB of free disk space
      - Two network adapters
    There is no official sizing guide for UAG. Reserve enough disk space for the logs.
  • 19. UAG Publishing
      - Access to our applications and resources to people coming from different locations, and from different devices
      - Single web application or a Forefront UAG portal (that consolidates multiple resources in a single gateway)
  • 20. Publishing Portals: All applications that you want to publish through Forefront UAG need to be part of a portal
  • 21. Publishing Trunks: UAG establishes
      - A series of rules
      - A website in IIS
      - A listener in TMG
  • 22. Multiple Trunks
      - A UAG server can contain multiple trunks, depending on how many IP addresses are assigned to its external interface
      - At any point, an administrator can add IP addresses to the external NIC of the UAG server, add public DNS mappings to these addresses, and add more trunks
  • 23. UAG Applications: An "application" for UAG is a collection of settings and rules that determine how UAG publishes a certain internal website or application
  • 24. Types Of Applications (over 40 templates)
      - Built-in services
      - Web (applications)
      - Client/Server and Legacy
      - Remote Network Access -> Full VPN
      - Browser-embedded
      - XenApp
      - Terminal Services and Remote Desktop
  • 25. HAT and AAM
      - Host Address Translation (HAT) to publish internal servers with no FQDN resolvable on the external networks
      - Publish multiple servers from within the organization, all on a single IP and port
      - SharePoint has a feature called Alternate Access Mappings (AAM) that modifies the URLs before they are sent to UAG
  • 26. Portal And Direct connection
      - Portal: We are able to create a web portal to act as a gateway. Applications will be published in the portal.
      - Direct connection: We can publish a web application with a public FQDN.
  • 27. Authentication Repository: External users are authenticated against a variety of authentication directories
  • 28. Creating a Portal (DEMO)
  • 29. Publishing SharePoint
  • 30. Publishing SharePoint (DEMO)
  • 31. Publishing Exchange
      - Outlook Web App
      - Outlook Anywhere (RPC-over-HTTPS)
      - ActiveSync
      - Configure Exchange publishing: as a normal application, or directly during the process of creating a trunk (Create Trunk Wizard)
  • 32. Remote Connectivity
      - Network Connector: listens and tunnels ALL traffic into the internal network
      - Secure Socket Tunneling Protocol: SSTP is a Windows Server feature that is new to Windows Server 2008. On the client side, the SSTP "client" is also built-in. UAG adds client auto-configuration.
      - DirectAccess
  • 33. Publishing remote network access with SSTP (DEMO)
  • 34. Remote Desktop
      - RemoteApp: Configure the RemoteApp on your Terminal Server; export the RemoteApp configuration as a TSPUB; make it available to UAG
      - Remote Desktop (Predefined)
      - Remote Desktop (User Defined)
  • 35. Publishing File Access and Local Drive Mapping applications (DEMO)
  • 36. Client Components
    The UAG client components are automatically installed on computers that connect to the UAG portal:
      - Endpoint detection
      - They contain the SSL tunneling components
      - Endpoint Session Cleanup component, which cleans up the user's system after a session has ended
  • 37. Q&A: All the material for this session is at http://www.communitydays.it/ #CDays13

