• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

What's the Best DA Deployment Configuration?

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [Forefront Unified Access Gateway 2010] >> DirectAccess >> What's the Best DA Deployment Configuration? Page: [1]
Login
Message << Older Topic   Newer Topic >>
What's the Best DA Deployment Configuration? - 19.Apr.2010 9:43:00 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
If you decide to deploy a UAG DirectAccess solution, you'll want to consider whether or not you want to use the other features included in UAG, such as web and portal publishing and VPN (SSTP and Network Connector). You can't put DA and Network Connector on the same array, so that's the first thing you need to be aware of. In general, it's a good idea to separate your DA/SSTP arrays from your web and portal publishing arrays. This is a wise decision from both a management and performance perspective, because DA takes a lot of processor cycles, which will be more noticiable for your web proxy connections than your DA connections.

HTH,
Tom

_____________________________

Thomas W Shinder, M.D.
Post #: 1
RE: What's the Best DA Deployment Configuration? - 19.Apr.2010 11:30:30 AM   
BigDon86

 

Posts: 7
Joined: 8.May2003
Status: offline
Hi Tom;

Good advice... What is your recommendation for the following customer scenario (let's say there are about 100 remote users).

1. Direct Accress Portal
2. Network Connector Access
3. Publish OWA, CRM 4.0 and Sharepoint for Domain Users
4. Publish Sharepoint for non-Domain Users
5. Provide outbound Web Filtering
6. Provide inbound SPAM filtering

Based on your advice, it appears that #1 is a dedicated UAG server.

Since Web / SPAM filtering is not supported on UAG I assume #5 and #6 would be a TMG server.

Would a second UAG server handle the remaining options or are you recommending a dedicated server for the Network Connector?

Thanks;

Don
USEast

(in reply to tshinder)
Post #: 2
RE: What's the Best DA Deployment Configuration? - 19.Apr.2010 1:02:02 PM   
BigDon86

 

Posts: 7
Joined: 8.May2003
Status: offline
Replying to my own Post ...

It appears that the best way to answer my question below is to look at the UAG / TMG support boundries - http://technet.microsoft.com/en-us/library/ee522953.aspx

Don

(in reply to BigDon86)
Post #: 3
RE: What's the Best DA Deployment Configuration? - 20.Apr.2010 10:54:32 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Don,

Yep - it's always good to look at the support boundaries - they define what we can support and not support. That isn't to say that it won't work, but that the scenarios called out in the support boundary document represent tested configurations (although they may not be documented).

In general, you can run all the roles on the same UAG server or array, with the exception of the Network Connector. You can't run the Network Connector on the same server or array that has the DA server role running on it.

In addition, UAG doesn't do any spam filtering. You can't install the FPE/email protection features included with TMG on the UAG.

Network Connector can run with all the Web proxy/portal related roles.

The DA server can be co-located with the SSTP VPN server.

That's how I'd split up the roles in a production environment.

HTH,
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to BigDon86)
Post #: 4

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [Forefront Unified Access Gateway 2010] >> DirectAccess >> What's the Best DA Deployment Configuration? Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts