All posts in category Forefront UAG 2010

Forefront UAG 2010 SP3 Now Available

Service Pack 3 for Microsoft Forefront UAG 2010 is now available for download. SP3 for Forefront UAG 2010 includes several important new features and enhanced functionality, including:

Support for Internet Explorer 10 on Windows 8 – Full support is provided only for Internet Explorer 10 in desktop mode. The modern UI version of Internet Explorer 10 does not provide support for browser add-ons. If a user accesses the Forefront UAG 2010 portal and the trunk is configured to install and launch the UAG client components, the user will receive a message indicating that the site requires add-ons which will require the desktop version of Internet Explorer 10.

Support for the Native Windows 8 Mail App – Windows 8 users can now connect to published Exchange servers using the built-in Windows 8 modern UI mail app

Remote Desktop Connection (RDC) 8.0 client support – Windows 8 users and Windows 7 users who have upgraded to the RDC client v8.0 can now access remote desktop resources published by Forefront UAG 2010 SP3

Exchange Server 2013 – Application publishing wizards in Forefront UAG 2010 SP3 now include native support for Exchange Server 2013

SharePoint Server 2013 – Application publishing wizards in Forefront UAG 2010 SP3 now include native support for SharePoint Server 2013

Support for Office 2013 applications – Publishing Office 2013 applications such as Outlook, PowerPoint, Word, and Excel is now natively supported in Forefront UAG 2010 SP3

You can download SP3 for Forefront UAG 2010 here. After installation the Forefront UAG 2010 build number will be 4.0.3206.10100.

3 Comments
by Richard M. Hicks on February 20, 2013  •  Permalink
Posted in Forefront UAG 2010, Important Links, Windows 8
Tagged , , , , , , , , , , ,

Posted by Richard M. Hicks on February 20, 2013

https://directaccess.richardhicks.com/2013/02/20/forefront-uag-2010-sp3-now-available/

PAL v2.3.3 Now with Forefront UAG 2010 Support

Recently the Performance Analysis of Logs (PAL) tool was updated and now includes a threshold file for Forefront UAG 2010. PAL is an essential utility that can make troubleshooting performance issues or capacity planning dramatically easier. I’ve written about using PAL on Forefront TMG 2010 in the past, and using PAL with Forefront UAG 2010 will be very similar. You can download the latest release of PAL at pal.codeplex.com.

Leave a comment
by Richard M. Hicks on January 8, 2013  •  Permalink
Posted in Forefront TMG 2010, Forefront UAG 2010
Tagged , , , , , , , , , , , , , ,

Posted by Richard M. Hicks on January 8, 2013

https://directaccess.richardhicks.com/2013/01/08/pal-v2-3-3-now-with-forefront-uag-2010-support/

Windows Server 2012 Unified Remote Access Book Coming Soon

My good friends Ben Ben-Ari and Bala Natarajan are putting the finishing touches on their latest book entitled Windows Server 2012 Unified Remote Access Planning and Deployment. This book will cover in detail how to plan and deploy remote access solutions using Windows Server 2012 including VPN (remote access and site-to-site) as well as DirectAccess. The authors are both highly qualified to write about this subject, as Ben has been supporting Forefront UAG 2010 and DirectAccess for many years, and Bala is the Program Manager for the Windows Core Networking team. The book is due to be released in January 2013 and it is sure to be an essential reference for all things remote access in Windows Server 2012. Pre-order your copy of Windows Server 2012 Remote Access today!

Windows Server 2012 Unified Remote Access Planning and Deployment

Leave a comment
by Richard M. Hicks on October 19, 2012  •  Permalink
Posted in Forefront UAG 2010, Important Links, IPv6, Remote Access, VPN, Windows Server 2012
Tagged , , , , , ,

Posted by Richard M. Hicks on October 19, 2012

https://directaccess.richardhicks.com/2012/10/19/windows-server-2012-unified-remote-access-book-coming-soon/

Microsoft DirectAccess Connectivity Assistant 2.0 Now Available

Recently Microsoft announced the availability of the DirectAccess Connectivity Assistant (DCA) v2.0. DCA v2.0 is required to be installed on Windows 7 DirectAccess clients when they are connecting to a DirectAccess Server running Windows Server 2012. It is important to note that DCA v2.0 is not required (and should not be installed) on Windows 8 DirectAccess clients. In addition, DCA v2.0 should not be installed on Windows 7 DirectAccess clients when they are connecting to a Windows Server 2008 R2/Forefront UAG 2010 DirectAccess server. For Windows 7 DirectAccess clients accessing corporate network resources over Windows Server 2008 R2/Forefront UAG 2010, install DCA v1.5. DCA v1.5 can be found on the Forefront UAG server at C:\Program Files\Microsoft Forefront Unified Access Gateway\common\bin\da\dca.

The DCA provides DirectAccess users with connectivity status information, detailed diagnostics and troubleshooting, and is required to support One-Time Password (OTP) authentication. You can download DCA v2.0 here.

2 Comments
by Richard M. Hicks on September 18, 2012  •  Permalink
Posted in Forefront UAG 2010, Important Links, Windows Server 2008 R2, Windows Server 2012
Tagged , , , , , , , , , , , ,

Posted by Richard M. Hicks on September 18, 2012

https://directaccess.richardhicks.com/2012/09/18/microsoft-directaccess-connectivity-assistant-2-0-now-available/

Overview of New DirectAccess Features in Windows Server 2012

Microsoft recently announced the Release to Manufacturing (RTM) for Windows Server 2012. Windows Server 2012 includes a new Unified Remote Access role that provides many new and exciting features. Along with significant enhancements to DirectAccess, the Routing and Remote Access Service (RRAS) can now be co-located with DirectAccess server to provide legacy remote access VPN client connectivity (PPTP, L2TP/IPsec, and SSTP) as well as site-to-site VPN. Windows Server 2012 can now serve as your consolidated remote access solution and can be managed from a single management console. Here’s an overview of some of the compelling new features found in Windows Server 2012 DirectAccess.

Simplified and Flexible Deployment

Windows Server 2012 DirectAccess includes a new simplified deployment model makes implementing DirectAccess incredibly simple. After adding the Remote Access role, configuring DirectAccess can be done, quite literally, in just three mouse clicks. The new simplified deployment model does have some limitations, so the deployment wizard includes the flexibility to fully customize the implementation according to your specific requirements. Also, DirectAccess in Windows Server 2012 now supports deployment behind an existing edge firewall or border router/NAT device. Previous versions of DirectAccess had a hard requirement to be placed directly on the network edge and have two public IPv4 addresses assigned to it. In addition, Windows Server 2012 DirectAccess now also supports a single network adapter configuration, allowing the remote access gateway to be deployed inside of an existing perimeter network or DMZ. Another significant improvement with DirectAccess in Windows Server 2012 is support for multiple network entry points for DirectAccess clients. This feature is essential for large organizations with a requirement for automatic and transparent redundancy and intelligent client roaming. To simplify deployment and management, PowerShell 3.0 included with Windows Server 2012 can be used to fully automate and manage all aspects of the Unified Remote Access and DirectAccess gateway role. Finally, Windows Server 2012 also supports Offline Domain Join which allows administrators to join computers to the domain without having corporate network connectivity.

Reduced Infrastructure Requirements

A major limitation to DirectAccess in Windows Server 2008 R2 was the requirement for running IPv6 on the internal corporate network. As a workaround, Forefront Unified Access Gateway (UAG) 2010 could be deployed in the DirectAccess gateway role as it included protocol translators (DNS64 and NAT64) which allowed DirectAccess clients to communicate with intranet resources that were running only IPv4. However, deploying Forefront UAG added expense and complexity to the solution. Forefront UAG 2010 is no longer required to support this scenario, as the DNS64 and NAT64 protocol translators are now included in Windows Server 2012 DirectAccess. The new simplified deployment model eliminates the requirement for a Public Key Infrastructure (PKI), although certificates are still required for authentication so self-signed certificates are employed. A PKI is still the recommended and preferred way to implement certificates, and in fact a PKI is a requirement in certain deployment scenarios, such as when forced tunneling is configured, or when strong authentication or Network Access Protection integration is required.

Performance, Scalability and High Availability Improvements

The Microsoft core networking team did a tremendous job addressing the performance and scalability limitations of previous iterations of DirectAccess. A common complaint from those who have deployed earlier versions of DirectAccess was the performance of the IP-HTTPS transition protocol. In a nutshell, a DirectAccess client would fall back to using IP-HTTPS for DirectAccess communication when it was located behind a NAT device that was also preventing outbound UDP 3544. When this occurred, IPsec encrypted tunnels would then be encrypted again with SSL/TLS. This placed heavy demands on both the client and server side of the tunnel and severely reduced performance and limited scalability. In Windows Server 2012 DirectAccess, IP-HTTPS performance is on par with that of Teredo, as IP-HTTPS now uses null encryption for DirectAccess communication, eliminating the redundant and needless double encryption. With the simplified deployment scenario, only a single IPsec tunnel is required for DirectAccess corporate network connectivity. Requiring just one IPsec tunnel for each client reduces the processing load on the DirectAccess gateway significantly in large scale deployments. In terms of reliability, true high availability is now included with DirectAccess in Windows Server 2012 with the inclusion of Network Load Balancing (NLB) support for DirectAccess gateways. NLB provides efficient active/active clustering capabilities that offer more flexible scalability than using failover clustering in previous DirectAccess releases.

Security

DirectAccess in Windows Server 2012 includes additional security options. DirectAccess now natively supports strong authentication using RADIUS One-Time Passwords (OTP), and also supports Virtual Smart Cards hosted on the mobile computer’s Trusted Platform Module (TPM). The Unified Remote Access role can be deployed on Server Core, which substantially improves the overall security of the solution by reducing the attack surface, while at the same time decreasing system downtime by reducing the number of updates required by the operating system. In addition, a new feature of the Windows 8 client prompts the user for network credentials, if necessary, to facilitate remote corporate network connectivity when the DirectAccess client is located behind an authenticating proxy.

As you can see, there are many new and exciting features and capabilities included in the new Unified Remote Access role on Windows Server 2012. Many of these features will greatly simplify the configuration, deployment, and management of remote access and DirectAccess. Also, many of the new capabilities provided with Windows Server 2012 DirectAccess effectively eliminate the need to deploy Forefront Unified Access Gateway (UAG) 2010, making the overall solution less complex and more cost effective. Windows Server 2012 DirectAccess will provide support for Windows 7 Enterprise and Ultimate clients. However, Windows 8 Enterprise clients will be required to take full advantage of many of the new advanced features of Windows Server 2012 DirectAccess.

4 Comments
by Richard M. Hicks on September 10, 2012  •  Permalink
Posted in Forefront UAG 2010, Important Links, IPv6, NAP, Remote Access, Windows Server 2008 R2, Windows Server 2012
Tagged , , , , , , , , , , , , , , , , , , , , , , ,

Posted by Richard M. Hicks on September 10, 2012

https://directaccess.richardhicks.com/2012/09/10/overview-of-new-directaccess-features-in-windows-server-2012/

Networking and DirectAccess Sessions at TechEd 2012

This year I had the privilege of attending both TechEd North America and TechEd Europe, and presenting a session on Forefront TMG and UAG at both events. With the release of Windows 8 and Windows Server 2012 due later this year, there were many sessions about the technologies included in the new client and server operating systems. When I wasn’t delivering my session or spending time with the Microsoft team in the learning center, I attended a number of sessions on security and networking. If you were unable to attend, or perhaps missed any of these sessions, they are now all available online on MSDN Channel 9. [ North America | Europe ] Here is a list of my favorite sessions:

  • IPv6 Bootcamp: Get Up to Speed Quickly
  • Windows Server 2012 DirectAccess: How to Quickly and Easily Deploy Your Next Generation Remote Access Solution
  • Overview of Hyper-V Networking in Windows Server 2012
  • Windows Server 2012 NIC Teaming and Multichannel Solutions
  • Networking for Hybrid Cloud: BranchCache and Cross Premise Connectivity
  • Hyper-V Network Virtualization for Scalable Multi-Tenancy in Windows
  • Extending Enterprise Networks to Windows Azure using Windows Azure Virtual Networks
  • Demystifying Microsoft Forefront Edge Security Technologies: TMG and UAG

    • Ok, I have to admit that I’m somewhat biased about that last session on the list. 😉 However, Windows Server 2012 does have a lot of new networking features and capabilities that make it a compelling solution for remote access and hybrid cloud connectivity. Have a look at some of these sessions and start evaluating Windows 8 and Windows Server 2012 today!

    3 Comments
    by Richard M. Hicks on July 3, 2012  •  Permalink
    Posted in Forefront TMG 2010, Forefront UAG 2010, Important Links, IPv6, Remote Access, Windows Server 2008 R2, Windows Server 2012
    Tagged , , , , , , , , , , , , , , , , , , , ,

    Posted by Richard M. Hicks on July 3, 2012

    https://directaccess.richardhicks.com/2012/07/03/networking-and-directaccess-sessions-at-teched-2012/

    Forefront TMG and UAG Presentation at TechEd North America 2012

    For those of you who were not able to attend Microsoft TechEd North America 2012 this year, the session I presented entitled “Demystifying Microsoft Forefront Edge Security Solutions: TMG and UAG” is now available online. Enjoy!

    Forefront TMG and UAG Presentation at TechEd North America 2012

    Leave a comment
    by Richard M. Hicks on June 19, 2012  •  Permalink
    Posted in Forefront TMG 2010, Forefront UAG 2010, Important Links
    Tagged , , , , , , , , ,

    Posted by Richard M. Hicks on June 19, 2012

    https://directaccess.richardhicks.com/2012/06/19/forefront-tmg-and-uag-presentation-at-teched-north-america-2012/

    Newer Posts »
    %d bloggers like this: