DirectAccess or UAG with TMG

  • Question

  • G'day All,

    I am about to commission an Enterprise TMG solution: one TMG database & two gateways using NLB on both the front & rear interfaces. The infrastructure is all virtual on clustered hosts. Exchange 2010 Edge Server & Forefront for Exchange are also running on the TMG gateway servers.

    My client now wishes to extend the project & include DirectAccess.

    Q1) In an NLB environment, should my client be using DA or UAG?

    Q2) I know TMG can be installed on a UAG server. Is the order critical like with TMG & Exchange? Can I now install UAG on a TMG server?

    Q3) Would a separate DA server parallel to the TMGs be more appropriate?

     

    Thank You

    PAC

     

    Friday, May 20, 2011 12:19 AM

All replies

  • No. UAG is actually installed with TMG already as part of the setup. However the purpose of the TMG in this respect is to protect the UAG server and therefore, with very few exceptions, the TMG element of the UAG box should not be configured directly by yourself in any shape or form.

    If your client wants DirectAccess without UAG then you need to be looking at an IPv6 environment - is that in their plans also?

    The ideal is TMG as you have already planned it and UAG either in parallel or even behind the TMG front-ends.


    Keith Alabaster - MVP/Forum Moderator
    Friday, May 20, 2011 6:02 AM
  • Peter, you might want to review this link - http://technet.microsoft.com/en-us/library/ee406236.aspx This is good information on the NAT64 and DNS64 that comes automatically with a DA implementation using UAG.

     

    Friday, May 20, 2011 6:30 PM