Which UAG Roles are Supported on the same Server or Array? (Full Version)

All Forums >> [Forefront Unified Access Gateway 2010] >> DirectAccess



Message


tshinder -> Which UAG Roles are Supported on the same Server or Array? (2.Jun.2010 11:00:36 AM)

While I generally recommend that you remove your DirectAccess role from all the other roles (with the exception of SSTP VPN server) on the UAG server, the fact is that you can run all the UAG server roles on the same server or array. The only exception is that if you configure the UAG server or array as a DirectAccess server, you cannot configure the Network Connector on a server or array that's configured with DirectAccess.

The challenge with this consolidated configuration is that sizing can be difficult. The DirectAccess server requires a lot of processing power, because of the IPsec encryption, as well as the TLS encryption required by IP-HTTPS connections. Now, add that to the TLS encryption requirements for the web portal and proxy connections and you're going to need significant processing horsepower. How much? That's hard to say. Microsoft is working on sizing guidance now, but the guidance will be separate - a set for the DirectAccess role and a set for the non-DirectAccess roles.

HTH,
Tom




Page: [1]