UAG array and NLB questions

  • Question

  • Hi,

    According to the UAG IPD:

    "Load balancing of incoming requests can be performed by either of the following:

    ·         Windows Network Load Balancing (NLB). Up to eight Forefront UAG servers can be placed into an array to load balance VPN or DirectAccess traffic.

    ·         Hardware load balancer. A hardware load balancer is not supported for Forefront UAG when it is used to provide an array for DirectAccess.

    Note that Forefront UAG is not supported in a Microsoft failover cluster.

    No architectural guidance is available for determining the number of servers that will be required in the array. The array function is implemented by Forefront TMG, which is installed by the Forefront UAG installer. The array members share the same configuration and provide the same set of services. If an array node fails, services can be accessed from another array member. One of the array members is configured as the array manager and holds the configuration for the entire array.

    To deploy multiple Forefront UAG servers in an array, all the servers must be domain members."


    A few questions:
    1. "The array function is implemented by Forefront TMG" so there is no separate UAG array concept? I can only think of a manual reconfiguration option here.
    2. In order to have a UAG array, do I need the Standard or Enterprise Edition of TMG? I guess that is covered by the UAG license agreement? Do I need to purchase a different UAG/TMG combo then?
    3. The IPD states: "To deploy multiple Forefront UAG servers in an array, all the servers must be domain members" - is there a way to achieve a UAG array concept, without domain membership? Probably not.
    4. Can I assume that if I do not utilise DirectAccess, I can still use a hardware load balancer for UAG?

    Thank you,
    TZ

    Thursday, November 19, 2009 7:37 AM

Answers

  • Hi TZ,

    To complement what Max has already replied:


    1. UAG is closely integrated with TMG and in fact, as the UAG IPD you copied above mentions, UAG is also installing TMG: "The array function is implemented by Forefront TMG, which is installed by the Forefront UAG installer." For many aspects, TMG becomes a component of UAG. One of these aspects is the array functionality. UAG is maintaining its own configuration by passing it to TMG for TMG to store it in its ADAM database. Therefore, the UAG array functionality is also achieved by utilizing TMG's array and configuration storage and replication between array members capabilities. There is no manual reconfiguration necessary, everything is handled via the UAG Management console.

     

    2. You do not need to decide by yourself which edition of TMG you “need”. You just install UAG and the UAG installer installs TMG for you. But, since you asked, UAG installs the Enterprise edition of TMG, and you do not need to purchase or license it separately, UAG includes it.

     

    3. UAG array requires domain membership of all array members, so the answer to your question is: no, workgroup mode is not supported.

     

    4. As Max already mentioned, you can use a hardware load-balancer for UAG even today, pre-RTM, when not using DirectAccess, and starting with UAG RTM, you will be able to use a hardware load balancer for DirectAccess too.

     

    Regards,

    -Ran

    • Proposed as answer by Ran [MSFT] Tuesday, November 24, 2009 8:45 AM
    • Marked as answer by D Wind Tuesday, November 24, 2009 10:22 AM
    Tuesday, November 24, 2009 8:42 AM

All replies

  • Have answer only for 4:
    Pre RTM, you can use hardware load balancer for all scenarios except DirectAccess.
    RTM, all scenarios (including DirectAccess) support hardware load balancer.
    Tuesday, November 24, 2009 6:14 AM
  • Thank you both for the feedback.
    Tuesday, November 24, 2009 10:23 AM
  • A followup to this question.

    Is it possible to load balance (either NLB or HW LB) 2 or more UAG servers that are not configured in an array? (i.e. Configuration manually exported/imported, no domain membership, no array, etc...)
    Wednesday, December 16, 2009 1:00 AM
  • Yes, you can use HW LB to load balance multiple UAG boxes, not joined into array. This is similar to the method used in IAG, that supported HW LB without array.
    Saturday, January 2, 2010 6:42 PM
  • Also, make sure to install http://support.microsoft.com/kb/978943

    Thanks!
    Tom

    MS ISDUA Anywhere Access Team
    Tuesday, January 26, 2010 3:42 PM
  • I am wondering. For backup and restore purposes, can you export the config from one UAG Array and then restore (import) it to another set of servers in an array and then change the IP addressing for those servers?
    Thursday, April 21, 2011 4:33 PM
  • From what I have heard, that is not actually supported...not sure why though...
    Jason Jones | Forefront MVP | Silversands Ltd | My Blogs: http://blog.msedge.org.uk and http://blog.msfirewall.org.uk
    Thursday, April 21, 2011 11:13 PM