If you decide to deploy a UAG DirectAccess solution, you'll want to consider whether or not you want to use the other features included in UAG, such as web and portal publishing and VPN (SSTP and Network Connector). You can't put DA and Network Connector on the same array, so that's the first thing you need to be aware of. In general, it's a good idea to separate your DA/SSTP arrays from your web and portal publishing arrays. This is a wise decision from both a management and performance perspective, because DA takes a lot of processor cycles, which will be more noticeable for your web proxy connections than your DA connections.
Good advice... What is your recommendation for the following customer scenario (let's say there are about 100 remote users)?
1. Direct Access Portal
2. Network Connector Access
3. Publish OWA, CRM 4.0 and Sharepoint for Domain Users
4. Publish Sharepoint for non-Domain Users
5. Provide outbound Web Filtering
6. Provide inbound SPAM filtering
Based on your advice, it appears that #1 is a dedicated UAG server.
Since Web / SPAM filtering is not supported on UAG, I assume #5 and #6 would be a TMG server.
Would a second UAG server handle the remaining options or are you recommending a dedicated server for the Network Connector?
Yep - it's always good to look at the support boundaries - they define what we can support and not support. That isn't to say that it won't work, but that the scenarios called out in the support boundary document represent tested configurations (although they may not be documented).
In general, you can run all the roles on the same UAG server or array, with the exception of the Network Connector. You can't run the Network Connector on the same server or array that has the DA server role running on it.
In addition, UAG doesn't do any spam filtering. You can't install the FPE/email protection features included with TMG on the UAG.
Network Connector can run with all the Web proxy/portal related roles.
The DA server can be co-located with the SSTP VPN server.
That's how I'd split up the roles in a production environment.