
  • Question

  • I guess I don't see the point of UAG. So far everything I see just takes websites "already" available on the Internet and wraps them in the UAG portal... What's the point in that? Our OWA, SharePoint all work now using SSL. Thousands of phones and favorites already pointing to them.

    And let's say that I use TSWEB in the DMZ, basically does everything I need with UAG, the DMZ can take care of the security TMG provided.

    And we have several non published internal sites that I can't get to work in UAG, now that would be useful.

    The only thing I see that would be useful is RemoteApps and we don't need UAG for that.

    Thanks for your input.

    Thursday, December 12, 2013 2:53 PM

All replies

  • Then you have to read about it, there are many features stuffed into UAG.

    From a SharePoint perspective, or for general web services, you get SSO, and then you have all the security features. I will just point out some of them. Let's say you want external users on your SharePoint: on your domain all your domain clients have AV, but for the external users you don't know if they have it, so let UAG check for "compliance"; if the user doesn't have AV, close the connection or disable upload.

    Let's say you use TMG or ISA to publish your OWA - yes, companies do that for "security" - but how can you control the client? You can't. Everyone with access to OWA can log on from unsecure clients, and when they log off that client has cached data, and you don't control that client.

    That is just a fraction of what it can do.

    • Proposed as answer by jamicons Thursday, December 19, 2013 1:32 AM
    Thursday, December 12, 2013 9:24 PM
  • That helps, thank you. We should be able to publish just the internal sites as well though, right?
    Monday, December 16, 2013 4:37 PM
  • I have published internal sites using the application type Web -> other web application from within the trunk

    Wednesday, December 18, 2013 1:54 PM
  • Did you use application specific hostname or portal hostname?
    Wednesday, December 18, 2013 2:26 PM
  • I used portal hostname to publish the RDWeb site from RDS.  I have since changed direction and am using Terminal Services, predefined desktop to allow VDI access through the UAG portal.

    • Marked as answer by jamicon Thursday, December 19, 2013 2:03 PM
    • Unmarked as answer by jamicon Thursday, December 19, 2013 5:51 PM
    Wednesday, December 18, 2013 3:50 PM
  • This is what I get when I use any web method. The rest is Greek to me :-(

    Internet Explorer cannot display the webpage

    What you can try:

    You are not connected to the Internet. Check your Internet connection

    Retype the address.

    Go back to the previous page.

    Most likely causes:

    You are not connected to the Internet.

    The website is encountering problems.

    There might be a typing error in the address.

    More information

    But I just realized I can't open those internal sites from the UAG which is in the DMZ anyway. I can access Internet. How do I allow this internally?

    Everything is set up to MS UAG guideline.

    Of course I cannot access these sites from the UAG server in the DMZ set up strictly per MS guideline, so how could I expect UAG to do it???



    • Edited by jamicon Wednesday, December 18, 2013 5:13 PM
    Wednesday, December 18, 2013 4:55 PM
  • I had to add some ACLs on our Cisco ASA to allow traffic from the DMZ to the internal network.  Once those are in place your UAG will allow the connection to the internal site.
    • Proposed as answer by jamicons Thursday, December 19, 2013 1:31 AM
    Wednesday, December 18, 2013 7:09 PM
  • So did you install RD Web Access on the UAG server??

    I'm thinking this will solve my problem, can you PLEASE supply more details?

    • Edited by jamicon Thursday, December 19, 2013 6:24 PM
    Thursday, December 19, 2013 5:51 PM
  • I created a 2012 R2 cluster with 2 hosts and a disk witness for hosting VDI. I also created 2 2012 R2 server VMs within the cluster to host the connection broker and gateway/RD web access. You will need to have publicly verifiable certificates in your RDS installation for them to be trusted by the externally connecting clients. Next was configuring the HTTPS trunk on UAG with the correct external IP address, public host name, and CA-trusted certificate. This is the point where I needed to ensure the security access lists of my ASA allowed connections ONLY from the UAG to the correct internal IP addresses.

    So long story short, RD Web Access is installed internally and published via UAG using an HTTPS trunk and Application -> Terminal Services -> remote desktop predefined.

    If you want to make the RDWeb page available after logging into UAG you'll need to configure an HTTPS trunk that includes Web -> portal type

    I hope this helps.

    Friday, December 20, 2013 1:03 PM
  • Did you install RDS and RDWeb in the DMZ or internally?

    I don't want users logging into UAG except via the portal.

    Right now file access, and RDC work as they should, I just need users to be able to get to "internal" sites via the portal i.e., https://portal.domain.com

    Stay with me, thanks!

    Thursday, December 26, 2013 5:43 PM
  • RDS and RDWeb are installed on Server 2012 R2 vms in an internal cluster.  I decided against using RDWeb in favor of personal vms published via the UAG.  If you want users to access internal sites, you'll need to ensure those sites are reachable on the service ports from within the DMZ (if that's where UAG is) and then publish the sites in UAG (using the application portal I assume). 

    • Marked as answer by jamicon Friday, January 3, 2014 12:03 PM
    Thursday, December 26, 2013 6:19 PM
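
The reachability requirement in the answers above (internal sites reachable on their service ports from the UAG in the DMZ, and nothing else) can be checked from the UAG server itself. The script below is an added example, not code from any poster in this thread; the host names, ports and expected states are placeholders to replace with your own published backends.

```powershell
# Run from the UAG server in the DMZ. Names and ports are placeholders (assumptions);
# replace them with the backends you publish and the ports your firewall should block.
$checks = @(
    @{ Name = 'intranet.corp.example'; Port = 443;  Expect = 'open'    },  # published internal site
    @{ Name = 'rdweb.corp.example';    Port = 443;  Expect = 'open'    },  # RD Web Access
    @{ Name = 'intranet.corp.example'; Port = 445;  Expect = 'blocked' },  # not published: must stay closed
    @{ Name = 'intranet.corp.example'; Port = 3389; Expect = 'blocked' }
)

function Test-TcpPort {
    param([string]$Name, [int]$Port, [int]$TimeoutMs = 3000)
    # The DMZ host must be able to resolve the internal name before any ACL matters.
    try { [void][System.Net.Dns]::GetHostAddresses($Name) } catch { return 'dns-fail' }
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $client.BeginConnect($Name, $Port, $null, $null)
        # No answer within the timeout usually means a firewall dropped the SYN.
        if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return 'timeout' }
        $client.EndConnect($pending)   # throws if the connection was refused or reset
        return 'open'
    } catch {
        return 'rejected'
    } finally {
        $client.Close()
    }
}

$results = foreach ($c in $checks) {
    $actual  = Test-TcpPort -Name $c.Name -Port $c.Port
    # Anything other than 'open' counts as blocked for the comparison.
    $state   = if ($actual -eq 'open') { 'open' } else { 'blocked' }
    $verdict = if ($state -eq $c.Expect) { 'OK' } else { 'MISMATCH' }
    New-Object PSObject -Property @{
        Target = '{0}:{1}' -f $c.Name, $c.Port
        Expected = $c.Expect; Actual = $actual; Verdict = $verdict
    }
}
$results | Select-Object Target, Expected, Actual, Verdict | Format-Table -AutoSize
```

A `MISMATCH` on an `open` row points at name resolution or a missing firewall rule between the DMZ and the internal network; a `MISMATCH` on a `blocked` row means the rule set is wider than the UAG-to-backend access it was meant to allow.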