Skip to main content

UAG Pre-installation Checklist

Here's a quick pre-installation checklist I have developed for the UAG deployments. Of course, it may not cover all possible deployment scenarios. So, feel free to expand upon it as necessary.




Network:
  • Networking has been configured correctly
  • Static IPs assigned to all network interfaces
  • Static IPs to be assigned to each trunk (in load-balanced array this will be assigned to the VIP associated with the trunk) have been reserved
  • Connectivity to the Internet works
  • Connectivity to the internal network works
  • All internal networks (network ranges that UAG will be fronting/protecting) have been explicitly identified


Server(s):
  • All servers meet system requirements 
  • All available Windows updates have been installed
  • All servers are clean, with no additional (unnecessary) software installed
  • All servers have been properly named
  • If applicable (required for UAG array), all servers have been joined to the domain 
  • No previous versions of UAG, TMG, or SQL are installed on any of the servers
  • Windows firewall service is started, and set to start automatically on all servers

Accounts:
  • User account (domain account if UAG server is joint to the domain) and password to perform UAG installation have been identified (must have administrative permissions on the server)
  • User account and password that will be impersonated by UAG to retrieve data from Active Directory have been identified (must have permissions to traverse AD and read objects and their attributes). Similar provisions will apply to other authentication repositories. 
  • If SharePoint resources are to be published, user account and password to access SharePoint central admin (for AAM modification) has been identified.  



Media and Licenses:

  • UAG installation media (latest version with applicable service packs and updates) has been obtained and made available
  • UAG product key / license has been obtained and made available


Miscellaneous:
  • All required URLs (for trunks and applications to be published) have been identified
  • Means of creating/editing DNS records (for the URLs mentioned above) have been established
  • Valid digital certificates for each trunk and each application that will require the use of HTTPS (SSL/TLS) have been obtained and made available

NOTE: The certificates should match the FQDN names used in access URL (for example: if https://xxx.yyy.com is used to access UAG portal, then the certificate should be issued to xxx.yyy.com). To simplify operations the use of wildcard (*.yyy.com) certificate is recommended.
Labels:

Comments

Post a Comment

Popular posts from this blog

  Copilot Studio: Capabilities, Strategies, Scenarios 💡 Ready to Supercharge Your Team with AI? 🧠 A critical question for every leader: How do you transform the massive potential of AI into a practical, powerful, and cost-effective tool for your entire organization? 🤔 This guide explores various nuances of the AI adoption: 1️⃣ The Innovation Opportunity: The drive to deploy generative AI is reshaping the modern workplace, offering a monumental leap in productivity and creativity. This is the moment to empower your teams. 🚀 2️⃣ The Strategic Blueprint: Unlocking this potential requires a clear strategy. Navigating the licensing models for powerful tools like Microsoft Copilot Studio is the key to maximizing value and avoiding unexpected costs. 🗺 ️▶️ Our new interactive guide makes it simple. We break down the licensing paths, visualize the costs, and provide a clear, actionable roadmap for implementing a winning hybrid AI strategy. See how you can empower everyone, from citizen...
Post a Comment
Read more
  AI Agents as Trusted IoT/Software Defined Devices 🤖 Your Newest Endpoint Isn’t a Laptop; It’s an AI Agent. Are You Ready to Secure It? Dive into the next frontier of cybersecurity. Autonomous AI agents are no longer just code; they are powerful actors in our digital ecosystems. Treating them as simple software leaves a massive security gap. Our latest report introduces a new paradigm: The AI Agent as a Software-Defined Device. Discover the essential framework for securing the agentic future: ➡️ The Agent-as-Device Model: Learn why abstracting agents as software-defined devices, similar to IoT endpoints, is the key to managing their complexity and risk. Secure the “hardware” (host), “software” (agent logic), and “network” (communications). ➡️ A Digital Passport for AI: Move beyond static API keys. Explore how Decentralized Identifiers (DIDs) and Verifiable Credentials (VCs) create a cryptographic root of trust, giving every agent a verifiable identity and provable permissions. ➡️...
Post a Comment
Read more
  AI Trends in DevSecOps 🤖 The AI Co-Developer Is Here: Is Your DevSecOps Ready? Dive into the symbiotic evolution of AI and DevSecOps. While AI coding assistants are accelerating development at an incredible pace, they’re also scaling security risks and introducing a new, complex attack surface. Discover the critical shifts redefining secure software development: ➡️ Secure the Foundation First: Learn why 99% of organizations have sensitive data exposed and how to tame the “blast radius” of GenAI tools before deployment by focusing on data security posture. ➡️ The Intelligent IDE: Move beyond just finding flaws. See how AI-generated fixes are revolutionizing secure coding by slashing remediation times and empowering developers to fix vulnerabilities in seconds. ➡️ The War on Noise: Understand how AI is finally solving the false positive problem in CI/CD pipelines, making fully automated security gates an operational reality. ➡️ Think Like the Adversary: Explore the rise of AI Red ...
Post a Comment
Read more