locked
Can UAG use a single NIC for Publishing web application / portal? RRS feed

  • Question

  • Hi,

    I have a requirement on deploying UAG which use only the Publishing feature AND a single network interface card. Is this possible can be done? If yes, how to meet with the requirements? The UAG configuration/installation wizard prompt it required two network cards....

    -Kevin 


    Thank you, Kevin
    • Edited by lsoon03 Tuesday, February 1, 2011 3:33 PM revise
    Tuesday, February 1, 2011 3:29 PM

Answers

  • Jason,

     

    Thank you.

     

     I have a requirement to deploy it to Internal and External (DMZ) segments for corporate users access. Can TMG support Single-Sign-On feature EXACTLY like UAG?

    SSO functionality that I am looking at is single-sign-on to web based application (either using Pass-through, NTLM, Form based or user account stores on internal database of a Oracle web based application for authentication)? User's password are automatically cached by TMG.

    Is that possible with TMG? What will be limitation?

    Thanks,

    Kevin

     

     

     


    Thank you, Kevin

    Hi Kevin,

    TMG can provide SSO using its delegation features, as discussed here: http://technet.microsoft.com/en-us/library/cc995215.aspx

    The most obvious limitation compared to UAG is the lack of support for delegation to forms based authentication on the backend server.

    If TMG is not a domain member, this will prevent certain delegation options (like KCD) but this is the same for UAG too.

    Cheers

    JJ


    Jason Jones | Forefront MVP | Silversands Ltd | My Blogs: http://blog.msedge.org.uk and http://blog.msfirewall.org.uk
    • Proposed as answer by James Kilner Thursday, February 10, 2011 7:22 AM
    • Marked as answer by James Kilner Thursday, February 24, 2011 8:25 AM
    Monday, February 7, 2011 9:56 AM

All replies

  • Hello,

    As describe here http://technet.microsoft.com/en-us/library/dd903051.aspx you must have 2 network card.


    Follow me on Twitter http://www.twitter.com/liontux | My Blog (French/English) : http://security.sakuranohana.fr/
    Tuesday, February 1, 2011 8:52 PM
  • Single NIC is not supported for UAG :(

    You could consider using TMG which supports a single NIC topology; albeit with slightly less advanced reverse proxy features...

    Cheers

    JJ


    Jason Jones | Forefront MVP | Silversands Ltd | My Blogs: http://blog.msedge.org.uk and http://blog.msfirewall.org.uk
    Wednesday, February 2, 2011 12:51 AM
  • Jason,

     

    Thank you.

     

     I have a requirement to deploy it to Internal and External (DMZ) segments for corporate users access. Can TMG support Single-Sign-On feature EXACTLY like UAG?

    SSO functionality that I am looking at is single-sign-on to web based application (either using Pass-through, NTLM, Form based or user account stores on internal database of a Oracle web based application for authentication)? User's password are automatically cached by TMG.

    Is that possible with TMG? What will be limitation?

    Thanks,

    Kevin

     

     

     


    Thank you, Kevin
    Monday, February 7, 2011 4:57 AM
  • Yes SSO feature is possible and more easy when the Forefront TMG on the private network is a domain member.

    If I remember it's also possible with :

    • Radius authentication
    • LDAP authentication

    Follow me on Twitter http://www.twitter.com/liontux | My Blog (French/English) : http://security.sakuranohana.fr/
    Monday, February 7, 2011 9:50 AM
  • Jason,

     

    Thank you.

     

     I have a requirement to deploy it to Internal and External (DMZ) segments for corporate users access. Can TMG support Single-Sign-On feature EXACTLY like UAG?

    SSO functionality that I am looking at is single-sign-on to web based application (either using Pass-through, NTLM, Form based or user account stores on internal database of a Oracle web based application for authentication)? User's password are automatically cached by TMG.

    Is that possible with TMG? What will be limitation?

    Thanks,

    Kevin

     

     

     


    Thank you, Kevin

    Hi Kevin,

    TMG can provide SSO using its delegation features, as discussed here: http://technet.microsoft.com/en-us/library/cc995215.aspx

    The most obvious limitation compared to UAG is the lack of support for delegation to forms based authentication on the backend server.

    If TMG is not a domain member, this will prevent certain delegation options (like KCD) but this is the same for UAG too.

    Cheers

    JJ


    Jason Jones | Forefront MVP | Silversands Ltd | My Blogs: http://blog.msedge.org.uk and http://blog.msfirewall.org.uk
    • Proposed as answer by James Kilner Thursday, February 10, 2011 7:22 AM
    • Marked as answer by James Kilner Thursday, February 24, 2011 8:25 AM
    Monday, February 7, 2011 9:56 AM
  • TMG also supports single NIC mode.

    HTH,

    Tom


    MS ISDUA/UAG DA Anywhere Access Team Get yourself some Test Lab Guides! http://blogs.technet.com/b/tomshinder/archive/2010/07/30/test-lab-guides-lead-the-way-to-solution-mastery.aspx
    Monday, February 7, 2011 4:15 PM