UAG Direct Access Multiple ISP's, Sites and HA RRS feed

  • Question

  • Hi,

    I am looking for some clarification/guidance on setting up resilience in UAG Direct Access. I am looking to achieve High availability using 2 ISP’s and 2 subnets if possible. We have 2 sites (A and B). Both A and B have independent internet connections and a separate link together. Ideally I would like to implement UAG direct access in an active passive mode with site A being the primary site and if the server goes down or the internet connection drops clients would failover to site B for the direct access connection. As both sites are on different subnets and have different internet connections I am unable to use an array (I believe anyway).

    It is a simple function that the likes of Cisco etc… have been providing for years but it does not seem possible with UAG direct access.


    Any help would be appreciated.



    Wednesday, July 28, 2010 7:41 AM


All replies

  • Last I heard, you need some form of solution infront of UAG to provide the IP failover as DA uses IPv4 addressing in the DA client configuration.

    F5 networks have a UAG solution which may help...



    Jason Jones | Forefront MVP | Silversands Ltd | My Blogs: http://blog.msedge.org.uk and http://blog.msfirewall.org.uk
    Wednesday, July 28, 2010 8:13 AM
  • Failover between different UAG Direct Deployments is currently unsupported, but it's something we're looking into.

    Wednesday, July 28, 2010 10:50 AM
  • Hi,

    Thanks for the feedback. So I suppose bottom line there is no way to implement any sort of resiliance using UAG unless the UAG servers are on the same internal subnet and using the same External Subnet.

    Seems a little restrictive.

    Thanks anyway


    Wednesday, July 28, 2010 11:18 AM
  • There is a way to achieve this, but it involves heavy manual configuration.

    Supporting this is on our top priority, so look forward for it.

    Wednesday, July 28, 2010 1:16 PM
  • Sounds interesting, any documents on this? I have been playing around with using different group policies for different servers for the clients GPO. Is this the "manual" route that you have to go down?
    Wednesday, July 28, 2010 2:39 PM
  • Hi Ciaran,

    The manual approach while possible, isn't supported by UAG at this time and hasn't been thoroughly tested.

    We know that this is a critical piece of functionality for an enterprise ready solution and as Yaniv mentioned, there is work being done here.



    MS ISDUA/UAG DA Anywhere Access Team
    Thursday, July 29, 2010 12:35 AM
  • Hi,

    Any update on this issue?


    Wednesday, December 22, 2010 9:28 AM