Posts

Showing posts from March, 2012

UAG endpoint detection and access policies

Endpoint detection and access policies are among the most important security features of the Unified Access Gateway (UAG). Naturally, the ability to evaluate the health of endpoint devices and to enforce certain requirements goes a long way towards enhancing the overall security profile of any remote access solution and can play an essential role in implementing an organization’s security in-depth strategy. UAG endpoint detection and access policies allow for an extremely detailed level of control. The policies can be applied at three different levels:

- Trunk – policies applied at this level will be enforced before a user logs on, and if the computer does not meet them, the user will not even reach the log-on page.
- Portal – policies applied at this level may prevent a user from accessing the portal application after the log-on.
- Application – policies applied at this level may block access to some or all published applications.

When the user tries to access the UAG portal, client components are ini…

International Cloud

Just a couple of interesting facts and points related to cloud technologies. Please see the original source for more information and the complete infographic.




UAG Customization

One of the strong selling points of UAG 2010 is its extensibility. One thing to keep in mind, though, is that while UAG customization can be very flexible, implementing complex scenarios will most certainly take you beyond out-of-the-box functionality. And here's where some guidance would be much appreciated.


The TechNet resource "Customizing Forefront UAG" is a good starting point, and there’s a book that was just published that covers this very topic – “Mastering Microsoft Forefront UAG 2010 Customization” by Erez Ben-Ari. I have already picked up a Kindle version for $9.99, but haven't had a chance to read it yet. If Ben-Ari's previous book "Microsoft Forefront UAG 2010 Administrator's Handbook" is any indication, this is going to be an excellent resource.

Symbolic Linking

Symbolic links allow for the transparent sharing of data across volumes as well as network shares (i.e. data located on the same computer or on remote computers). The technology makes accessing data across various shared network resources easier and more transparent, in much the same way Distributed File System (DFS) does, but without the need to set up DFS infrastructure (of course, DFS functionality goes way beyond what symbolic links can do, so you have to understand the requirements and use the right tool for the job).

If the notion of symbolic links sounds familiar, that's because it has existed within the UNIX/Linux world pretty much forever. The functionality has now been made available in the Windows Server 2008 operating system to add some oomph to migration from, and application compatibility with, UNIX/Linux operating systems.


Well, regardless of where the functionality came from or what the intended goals might have been, it could still be quite handy in many …

UAG Pre-installation Checklist

Here's a quick pre-installation checklist I have developed for UAG deployments. Of course, it may not cover all possible deployment scenarios, so feel free to expand upon it as necessary.




Network:
- Networking has been configured correctly
- Static IPs assigned to all network interfaces
- Static IPs to be assigned to each trunk (in load-balanced array this will be assigned to the VIP associated with the trunk) have been reserved
- Connectivity to the Internet works
- Connectivity to the internal network works
- All internal networks (network ranges that UAG will be fronting/protecting) have been explicitly identified

Server(s):
- All servers meet system requirements
- All available Windows updates have been installed
- All servers are clean, with no additional (unnecessary) software installed
- All servers have been properly named
- If applicable (required for UAG array), all servers have been joined to the domain
- No previous versions of UAG, TMG, or SQL are installed on any of the servers
- Windows firewall serv…

UAG 2010

Forefront Unified Access Gateway 2010 delivers comprehensive, secure remote access to corporate resources for employees, partners, and vendors from a diverse range of endpoints and locations, including managed and unmanaged PCs and mobile devices.


Background: Forefront Unified Access Gateway (UAG) and Threat Management Gateway (TMG) trace their lineage back to other well-known Microsoft products: Intelligent Application Gateway (IAG), Internet Security and Acceleration (ISA) Server, and Proxy Server. They also incorporate technologies from Microsoft acquisitions (Whale Communications). The following outlines the latest steps in the evolution of the UAG and TMG products:

and a brief feature comparison:

Business Ready Security: Microsoft's Business Ready Security strategy is designed to help organizations of all sizes with managing risk while empowering collaboration and information sharing. At the time of this writing there are five comprehensive solutions that are aligned with this strategy: Identity an…

Office 365 Information and Resources

Office 365 Getting Started
Overview:
- General Overview | video
- Part 1: Connecting with people and information in new ways | video
- Part 2: Scheduling and running meetings with ease | video
- Part 3: Collaborating on documents and sharing business information | video

Tour for Users:
- Chapter 1: Welcome to Office 365 | video
- Chapter 2: Email and more | video
- Chapter 3: Collaborate with Team Sites | video
- Chapter 4: Microsoft Office and Office Web Apps | video
- Chapter 5: Communicate now with Lync | video

Tour for Administrators:
- Office 365 for Enterprises: The Admin Experience | video
Office 365 Information and Resources
Portal:
Provides “one-stop-shop” access to the Office 365 features (manage your profile, change your password, download and install required components, navigate to OWA via the Outlook link, navigate to SharePoint via the Team Site link).
- Office 365 Portal URL | https://portal.microsoftonline.com/
- Getting started with Office 365 | Online Help
Exchange Online:
Exchange Online offers cloud-based email, …