Skip to main content

UAG Pre-installation Checklist

Here's a quick pre-installation checklist I have developed for the UAG deployments. Of course, it may not cover all possible deployment scenarios. So, feel free to expand upon it as necessary.




Network:
  • Networking has been configured correctly
  • Static IPs assigned to all network interfaces
  • Static IPs to be assigned to each trunk (in load-balanced array this will be assigned to the VIP associated with the trunk) have been reserved
  • Connectivity to the Internet works
  • Connectivity to the internal network works
  • All internal networks (network ranges that UAG will be fronting/protecting) have been explicitly identified


Server(s):
  • All servers meet system requirements 
  • All available Windows updates have been installed
  • All servers are clean, with no additional (unnecessary) software installed
  • All servers have been properly named
  • If applicable (required for UAG array), all servers have been joined to the domain 
  • No previous versions of UAG, TMG, or SQL are installed on any of the servers
  • Windows firewall service is started, and set to start automatically on all servers

Accounts:
  • User account (domain account if UAG server is joint to the domain) and password to perform UAG installation have been identified (must have administrative permissions on the server)
  • User account and password that will be impersonated by UAG to retrieve data from Active Directory have been identified (must have permissions to traverse AD and read objects and their attributes). Similar provisions will apply to other authentication repositories. 
  • If SharePoint resources are to be published, user account and password to access SharePoint central admin (for AAM modification) has been identified.  



Media and Licenses:

  • UAG installation media (latest version with applicable service packs and updates) has been obtained and made available
  • UAG product key / license has been obtained and made available


Miscellaneous:
  • All required URLs (for trunks and applications to be published) have been identified
  • Means of creating/editing DNS records (for the URLs mentioned above) have been established
  • Valid digital certificates for each trunk and each application that will require the use of HTTPS (SSL/TLS) have been obtained and made available

NOTE: The certificates should match the FQDN names used in access URL (for example: if https://xxx.yyy.com is used to access UAG portal, then the certificate should be issued to xxx.yyy.com). To simplify operations the use of wildcard (*.yyy.com) certificate is recommended.

Comments

Popular posts from this blog

Skype for Business and VTC Interoperability

Skype for Business (SfB) has a very, very strong potential, I have written about it in my previous post. I can't think of any other platform that shows as much promise in terms of bridging personal and business communications as well as unifying different modes and mediums. And all of this may have started with a strategic acquisition of Skype by Microsoft in 2011.

That said, the road ahead is not without challenges. For example, interoperability with other platforms. Making SfB work with existing Video TeleConferencing (VTC) systems, many of which represent significant capital investments in organizations' infrastructure, could be of a particular importance.

After reading statements like Skype for Business is based on Session Initiation Protocol (SIP) standards and supports H.264 (MPEG-4 video coding standard) one can come to a quick conclusion that integration and/or interoperability with other VTC solutions is easy or nearly automatic. Unfortunately, the industry is not qui…

PoSh Disable and Move AD Users

A quick and easy way to disable user accounts and move them into designated OU:

Import-Csv "C:\TEMP\users.csv" | ForEach-Object { `      $u=$_."sAMAccountName"; $l="Disabling and moving: " +$u; write-output $l; `      Get-ADUser -Identity $u | `      Disable-ADAccount -PassThru | `      Move-ADObject -TargetPath "OU=Disabled Users,OU=Organization,DC=domain,DC=local"
Input is provided via a CSV file:
users.csv (username) sAMAccountName  jdoe1  jdoe2  jdoe3  jdoe4  jdoe5  

To generate input file run something like this, review and edit as necessary:
Search-ADAccount –UsersOnly –AccountInactive –TimeSpan 180.00:00:00 | `      where {$_.enabled} | `      Get-ADUser | `      select sAMAccountName | `      Export-Csv -Path "C:\TEMP\users.csv"

WordPress displays weird characters

Sometimes after a database conversion (e.g. from MySQL to MariaDB) or due to encoding issues a situation might arise when WordPress is showing weird characters. A quick way of remedying the situation would involve examining the pages to discover a pattern (what characters are being substituted, in the example below the apostrophe was replaced by â€™) then running an queries against the database to reverse the effect. Here's a quick example (common tables that store content):



UPDATE wp_posts SET post_content = REPLACE(post_content, 'Â', '')     UPDATE wp_posts SET post_content = REPLACE(post_content, '’', "'")     UPDATE wp_postmeta SET meta_value = REPLACE(meta_value, 'Â', '')     UPDATE wp_postmeta SET meta_value = REPLACE(meta_value, '’', "'")     
Please, keep in mind that to permanently resolve the issue you would need to get to the root of the problem and may need to adjust encoding, run a databas…