M50402: Implementing Forefront Unified Access Gateway 2010 Version: A Length: 3 Days Published: June 15, 2010 Language(s): English Audience(s): IT Professionals Level: 300 Technology: Microsoft Forefront Unified Access Gateway Type: Course Delivery Method: Instructor-led (classroom) About this Course This three-day instructor-led course prepares you to design and deploy remote access solutions using Microsoft Forefront Unified Access Gateway 2010 (UAG). Forefront UAG provides organizations with unparalleled flexibility in providing access to network resources (such as Web sites and internal applications) with granular access control, custom content protection, and endpoint validation. Forefront UAG also integrates with DirectAccess, a new Windows 7 technology that provides seamless remote access to all corporate resources without connecting to a virtual private network. This course is intended for architects, consultants, network administrators, and technical sales professionals who are responsible for selling, designing, and deploying edge access solutions for enterprises. Audience Profile This course is intended for IT security and infrastructure specialists who have experience with Windows networking and authentication protocols. Experience with the IPv6 protocol is desirable but not required. At Course Completion After completing this course, students will be able to: oInstall and configure Forefront UAG as a standalone server or an array member. oPublish Microsoft Exchange Server, Microsoft Office SharePoint Server, and Remote Desktop Gateway applications to external users. oConfigure Forefront UAG to authenticate and authorize users, and enforce security policies on clients. oUse Forefront UAG as a gateway for DirectAccess clients. oUnderstand the design and deployment considerations when building an enterprise access solution using Forefront UAG. Before attending this course, students must have: oSolid understanding of Windows networking. Experience with IPv6 is desirable but not required. oWorking knowledge of Active Directory, LDAP, and RADIUS authentication. oBasic understanding of Microsoft Exchange Server 2007 and Microsoft Office SharePoint Server 2007. Course Outline Module 1: Forefront UAG Overview This module provides an overview of the features and capabilities of Forefront UAG, and the role it plays in enabling usage scenarios that are part of the Microsoft Business Ready Security strategy. Lessons oMicrosoft Business Ready Security Strategy (BRS) oForefront Unified Access Gateway Architecture oLicensing and Availability After completing this module, students will be able to: oUnderstand how Forefront UAG fits into the Microsoft Business Ready Security strategy solutions. oDescribe the Forefront UAG solution and internal architectures. oProvide customers with licensing options for Forefront UAG. Module 2: Forefront Unified Access Gateway Setup and Upgrade This module covers the setup and configuration tasks for Forefront UAG, and describes how to migrate from Microsoft Intelligent Application Gateway 2007 (IAG) to Forefront UAG. Lessons oInstalling Forefront UAG oInitial Configuration Lab : Install Forefront Unified Access Gateway 2010 oInstall Forefront UAG 2010 oConfigure the initial settings using the Getting Started Wizard After completing this module, students will be able to: oDescribe the Forefront UAG setup process. oExplain how customers can migrate from IAG to Forefront UAG. Module 3: Forefront UAG Portal In this module, you`ll understand the concept of a trunk in Forefront UAG, and how the product uses trunks to enable remote users to connect to internal applications. You`ll see the role of the Forefront UAG portals as front end interfaces for these users, and how Forefront UAG can be customized during deployments. Lessons oTrunks and Portals oPortal Customization oClient Detection Lab : Create and Configure a Portal Trunk oCreate a HTTPS trunk in Forefront UAG oConfigure an Active Directory authentication repository After completing this module, students will be able to: oUnderstand how Forefront UAG uses trunks and portals to provide access to internal resources. oExplain how to customize the Forefront UAG portal look and feel. oDescribe how Forefront UAG detects the remote endpoint capabilities and how to customize this process. Module 4: Publishing Web Applications In this module, you will learn how to configure Forefront UAG to enable remote endpoints to have access to internal Web applications. You will see how to enable access to Microsoft Exchange and Microsoft SharePoint, and how to deploy federation using Active Directory Federation Services (AD FS). Lessons oWeb Publishing Overview oPublishing Microsoft Exchange oPublishing Microsoft SharePoint oDeploying Federation with AD FS Lab : Publishing Exchange Applications oConfigure Outlook Web Access (OWA) publishing using the OWA look and feel oConfigure OWA publishing inside the Forefront UAG portal oPublish Outlook Anywhere and Exchange Autodiscover After completing this module, students will be able to: oPublish Web applications to the Internet using Forefront UAG trunks. oEnable remote client access to Microsoft Exchange and Microsoft SharePoint services. oConfigure Forefront UAG to use federation for portal and application access. Module 5: Remote Desktop Gateway Publishing In this module, you will see how Forefront Unified Access Gateway (UAG) allows you to provide access to published RemoteApps and Remote Desktops by integrating a Remote Desktop Gateway (RD Gateway) to provide an application-level gateway for Remote Desktop Services (RDS) and applications. Lessons oRemote Desktop Publishing Overview oDeploying RD Gateway Publishing Lab : Publishing Remote Desktop Services oPublish RemoteApp applications using the Forefront UAG portal oPublish a predefined Remote Desktop After completing this module, students will be able to: oExplain the benefits of using the Remote Desktop Gateway (RD Gateway) publishing feature. oDescribe how Forefront UAG integrates with RD Gateway. oExplain how to configure Forefront UAG to publish RemoteApps, predefined Remote Desktops, and user-defined Remote Desktops. Module 6: Remote Network Access This module explains how you can configure remote access to the corporate network using the legacy Network Connector application or the Secure Sockets Tunneling Protocol (SSTP). Lessons oRemote Network Access Overview oUAG/SSTP Integration Architecture oConfiguring Remote Network Access Lab : Remote Network Access using SSTP oConfigure remote network access using SSTP oPublish remote network access in the Forefront UAG portal After completing this module, students will be able to: oExplain the different technologies used by Forefront UAG to enable remote access to the corporate network. oDescribe how Forefront UAG integrates with Forefront TMG and Windows to provide SSTP VPN access to Windows 7 clients. oConfigure Forefront UAG to provide remote network access using SSTP and the Network Connector. Module 7: IPv6 and IPv6 Transition Technologies This module provides an overview of the IPv6 protocol used by Forefront UAG DirectAccess, and the technologies associated with transitioning from IPv4 to IPv6 networking. Lessons oIPv6 Overview oIPv6 Transition Technologies Lab : IPv6 and ISATAP oUse IPv6 link-local addresses for local network connectivity oDeploy an ISATAP router in an intranet After completing this module, students will be able to: oUnderstand the limitations of the IPv4 protocol, and the benefits provided by IPv6. oDescribe the addressing, routing, and name resolution characteristics of the IPv6 protocol. oExplain how ISATAP, 6to4, Teredo, and NAT64/DNS64 can be used to enable IPv6 connectivity over IPv4 networks. Module 8: DirectAccess This module gives an overview of DirectAccess, a technology enabled by Forefront UAG that provides seamless network access to Windows 7 clients. Lessons oDirectAccess Overview oDirectAccess Solution Components oPlanning a DirectAccess Deployment oDeploying DirectAccess Using Forefront UAG Lab : Deploying DirectAccess oPrepare the infrastructure requirements for DirectAccess oConfigure DirectAccess using Forefront UAG After completing this module, students will be able to: oUnderstand the benefits provided by DirectAccess to users and IT organizations. oDescribe the DirectAccess architecture and its components. oUnderstand the requirements and design decisions involved in a DirectAccess solution using Forefront UAG. oConfigure DirectAccess using Forefront UAG. Module 9: Endpoint Security Policies and NAP Integration This module presents an overview of the policy evaluation and enforcement technologies for the Forefront UAG endpoints. Lessons oEndpoint Policies oNetwork Access Protection Integration Lab : Endpoint Policies and Network Access Protection oUse the Endpoint Policies with a Forefront UAG portal application oConfigure Network Access Protection (NAP) with Forefront UAG DirectAccess After completing this module, students will be able to: oExplain how Forefront UAG can enforce endpoint policies. oConfigure Forefront UAG to use NAP for policy validation. Module 10: Array Management This module explores how Forefront UAG uses arrays to scale out to large deployments-improving the scalability and availability of the solution while reducing management overhead. Lessons oForefront UAG Array Management Overview oDeploying and Operating Forefront UAG Arrays oNetwork Load Balancing Integration Lab : Configuring Forefront UAG Arrays oInstall an additional Forefront UAG server oConfigure a Forefront UAG array and perform post-array configuration tasks After completing this module, students will be able to: oExplain the benefits provided by using Forefront UAG arrays. oDescribe the array management architecture, and the tasks involved in creating and managing an array. oExplain how the Network Load Balancing feature of Windows Server is integrated into Forefront UAG. Module 11: Enterprise Deployment and Troubleshooting This module covers the considerations involved in designing, deploying, and troubleshooting an enterprise access solution based on Forefront UAG. Lessons oDeploying Forefront UAG in Enterprise Environments oSupporting and Troubleshooting Forefront UAG After completing this module, students will be able to: oDescribe the process of designing and deploying Forefront UAG in an enterprise environment. oDescribe the tools and best practices for troubleshooting issues with Forefront UAG.