August 2010 - Posts

I finished reading chapter 3 and managed to get my UAG up and running, albeit I hit another unexpected issue, as you will be able to read in just a bit.

 

- What I loved:

Overall I found this chapter great, and it finally started to give me an insight into how UAG works.

- After reading this chapter, Trunk, application and group will make sense, and it’s explained and associated in such a way that you start to wonder why you didn’t work out earlier what they were in UAG.

- The detailed breakdown of trunks gave a great insight into what types there are and where to position it into web servicing. I also especially liked the fact that even though ADFS trunks will not be explained in detail in the book a nice link was provided for those of us that might need this information more down the line. I have always found that books like this should reference more official documentation links when parts are not explained in detail. It shows real dedication to getting as much information out as possible.

- It’s all about applications in UAG and this clearly shows in this chapter. A summary of top-level and sublevel applications shows just how versatile UAG is out of the box and you get a good view on more than just web app publishing done by client/server publishing,…

- I loved the fact that for the first time a book talks about the new way Win2k8 selects its primary IP address. For those of you that haven’t noticed yet, and yes we TMG guys have run into this a lot, this is totally different than Win2k3. The primary IP in the TCP stack basically doesn’t count for anything more than any other IP does. Don’t know what I’m talking about? Click this link

- Good first glance of the Authentication dialog. I expect we will be seeing more of this later down the line but it does help in getting that first UAG app up and running.

- At the end of the chapter the writers explain in detail what kicks in and what’s changed when you apply/activate a new configuration and create a trunk. Even though there is probably much more behind the scenes, it gives you the confidence that you have control and you’re not just in a black box situation.

 

- What I missed:

- There is a little paragraph about URL signing, and how it works. As I’m reading this, I first very briefly read about how this is the enabler for multi-server publishing on one IP and port. And then a few lines down it’s all about adding unique strings to published URLs for enhanced security. I had to read this paragraph twice to figure out what it was all about. I believe URL signing is a key security feature for UAG and a concept you need to understand well. The paragraph is just too short and confusing for me and could do with splitting it up more clearly and adding some extra example / scenario. I don’t know how to explain it better but I’m guessing the experts will.

- Certificates are key for UAG and almost any other TMG, IIS or other web-based deployment. However, spending 6 pages on certificates to me seems out of scope for a book on UAG, and we would use this page real estate to explain core UAG tech in more detail, like URL signing, and just reference a good MS TechNet post or other MS Press book on this subject. However, my finding is based on the fact that I have extensive knowledge of certificates, so this might be a great requirement for novice users and is essential for any UAG deployment. What I would have liked is a reference / link or explanation towards these novices on how to use MS PKI to quickly generate a home-made cert for you to use on a lab deployment. People with PKI knowledge hardly need these 6 pages, and those that do need these 6 pages will not know how to quickly and at no cost get a cert to continue the book. It might be worth even putting some kind of self-generated Contoso certificate on the publisher’s website and referencing that URL later in the book for people just playing with the product in a lab.

 

- My problem:

As always, you can’t expect all to go well for me on my first deploy, can you? After configuring my first trunk by the book and checking everything, I was still presented with a nasty IIS page instead of the hoped-for UAG logon page. The page I got was:

image

After doing a quick bing around the world it turned out I needed to restart the IIS and that would fix my issue. Sure enough it did, however there was nothing in the book about this potential hiccup but looking at the bing results I’m surely not the only one that ran into this.

 

Well that’s all for now, this covers all three published chapters of the RAW book up until now. I’m really looking forward to continuing our journey down UAG lane as soon as the next chapters are published and I have heard we can expect them sooner than later ;-)

Getting swamped by the amount of RDP connections you open every day? Want to keep them manageable and in a clear overview?

Don’t want to buy 3rd-party tools like visionapp’s,…

MS has a free tool to do this for you: http://www.microsoft.com/downloads/details.aspx?FamilyID=4603c621-6de7-4ccb-9f51-d53dc7e48047&displaylang=en


Yep, the summer is hot down in Moscow and MS knows we need something here in Belgium to heat things up for us, so they launched wave 3 of the summer campaign yesterday.

Check out what’s hot:

- MSDN: Windows Phone 7:

NL: http://msdn.microsoft.com/nl-be/ff872142.aspx

FR: http://msdn.microsoft.com/fr-be/ff872142.aspx

- TechNet: Deployment:

NL: http://technet.microsoft.com/nl-be/ff898349.aspx

FR: http://technet.microsoft.com/fr-be/ff898349.aspx

- Architects: Cloud Patterns:

NL: http://msdn.microsoft.com/nl-be/ff877815.aspx

FR: http://msdn.microsoft.com/fr-be/ff877815.aspx

I found some spare time this week to work my way through chapter two and get my UAG up and running in the lab. Even though most of UAG’s install is a next > next > next > finish type install, it’s important to understand what the screens say and know what you are doing, so don’t skip it.

Despite the simple and straightforward install I still ran into an issue during install not really covered by the book, so read on, you might end up needing this info.

- What I loved:

In a chapter like this visual referencing is important as an image often says more than 100 words and they really come through on this. The whole install is neatly screenshot in the book and each setting explained.

- The install checklist and post install verify list are great to know what you need to do before and can check after the install.

- A very clear overview is given of all the different components that will be installed by the setup and indicating an ETA of install for each component.

- Very illustrated overview of the second phase of the install, the getting started wizard, and again each setting is explained to the level you expect and gives confidence you know what you are clicking.

- What I missed:

- We know what’s being installed like the SQL, Ajax,.. and even how long each component on average takes, but a tee bit more insight into the different components and what UAG uses them for will help when things go wrong so you know what to check. Just knowing a bit of what the ISATGCTRL does could point you in the right direction of checking this service is running if X or Y is not doing what you expect. I don’t know if it’s possible but an addition to the verify overview indicating what breaks if X is not working would be nice.

- Surprising for me to see was the ever old debate of domain vs workgroup where clearly the WG edition is being promoted as more secure. This does conflict a bit with what I read many years ago in the ISA books and what we have been promoting for so long => domain join is better. Of course this will always be a tricky thing to answer and I guess the real answer is choose what works best for you, but I definitely don’t believe domain joining is in any way less secure than WG.

- In the troubleshooting section there are some commonly known issues mentioned and that’s great; the only thing I was missing here (apart from the below error I had) was a reference to the install log. TMG during install does some very extensive logging through the Windows Installer interface and outputs it all to the %windir%\temp (click for more info). Of course I don’t know if UAG has this type of log location, but if it does I would expect it in this chapter, and as TMG is a core UAG component some mention of these files would have been nice. When things go wrong you need somewhere to find out why, and most of all that is done is logged somewhere, we just don’t generally know where.

- My install error:

To my surprise, however, the install did not go as expected despite following the book to the letter. I ended up with an error during the very first step of the install and the book had given no info on this situation or where to look, so I ended up using Bing to find the answer.

After inserting the ISO into my Virtual system and hitting the install UAG on the splash screen I got the following nasty message on the screen

image

After reading on the internet it seems this is a known issue and can have a number of different reasons: NIC mis-config, RDP issues,…

I was installing the server through RDP as this method is mentioned throughout the book and should work fine. I had followed all the checklists to the letter so had no idea why this was happening. In any case I logged off the RDP and went in through the remote console and sure enough the error was gone and the install ran exactly as in the book.

After the install however I was faced with a second challenge, but luckily this hit my trusted TMG field and I knew exactly what was going on: “When you install TMG using RDP an allow RDP system policy is automatically activated, however if you go through the console this rule is not created.” End result was a UAG box I could not reach to configure through RDP :-(

As I was told by the book not to change config straight in the TMG interface I explored the UAG interface to find how I could enable RDP without success. To be quite honest I didn’t really expect to find it but had a quick poke just for the sake of it. In the end I went down to the TMG interface and reconfigured the system policy and sure enough, problem solved. And my system was ready for chapter 3 ;-)

 

Stay tuned for a quick wrap-up of the third and currently final published chapter.

Tom

After contacting Packt Publishing they provided me with a new download for my RAW copy of the UAG book.

I’ll be reading the book chapter by chapter when I get some time and I’m deploying in a test lab to see how I get along. As this is somewhat my first serious contact with UAG and I’m using the book as my lead, I thought I would start the concept of RATW (Review as they write).

I’ll start off today and review each chapter as I read them and as they are published. I will not go into detail about the content, as you should buy the book for the content, but I do want to give you some insight as to what I thought of each chapter, why I liked it or what I think it’s lacking. If you too are reading the book feel free to add your comments on each post. I can then bundle all the feedback and provide it to the writers.

Well, let’s get started on Chapter 1 “Planning your deployment”

 

- What I loved:

On the whole I really did like this chapter and found it filled in exactly what I should have done. It answered my questions on:

- What UAG is and what it does and clearly explains the difference with TMG.

- Clearly explains how and where you can position your UAG on the network and what you need to think about during the deploy.

- In chapter one you will already get a nice insight into the Core of UAG being the ISAPI filter.

- Finally the words Trunk and Application make sense in UAG :-)

- Good first glance into what really happens when you head out to a UAG site, what clients are supported and the fact that in the background an ActiveX/Java is installed.

- Explains the fact that you install UAG yourself or by a ready-made appliance and tells you what you will need as hardware and what you need to think about when doing it yourself.

As to the reading, I found this chapter light and enjoyable. It gives good technical and design background and adds a pinch of humor to keep you going.

 

- What I missed:

- I would have loved it if they had taken a bit of page space to illustrate UAG being part of MS’s Forefront technologies and positioning it within these products, something like this. It would be great as it can help you know if you are choosing the right product for your need and open new horizons for follow-up projects.

image

- The chapter explains why UAG is better than a standard firewall but I would have loved to see more on what makes UAG so unique towards competing devices. It’s nice to know that UAG adds value compared to a standard L4 firewall but most of us will know this already. However, you all know that when you are in the field you need some key things to get UAG to sell against competing software: just a few facts that explain why it’s so unique or what makes it really good.

- ISAPI is very important for UAG and you get some background, but it would be nice to get a link to extra reading on what ISAPI is and does, as it’s so important for UAG and I think the more background you have on that technology the better you will understand how it really works.

- In the explanation of why and if you should make your UAG a domain member, it’s illustrated that 5 functionalities require domain membership. KCD is mentioned and as far as I can think I’m guessing this is Key Distribution Center, but I was unfamiliar with this term, so I’m guessing if I’m not sure a lot of readers might need some help to know what it is, and mentioning the full name might be handy.

 

Have fun reading the book yourself and let me know what your thoughts are.

Stay tuned for a quick wrap-up of the other chapters.

Tom

For those of you that have been following the MS Forefront products, you will know a lot of emphasis has been placed on UAG lately as THE publishing software, and publishing internal systems to the internet has been DE-emphasized for TMG.

The only problem I have heard from everybody is there is no book,… on UAG, just the standard MS documentation.

Well, fear no more: Ben Ben Ari and Ran Dolev are writing a book on UAG, to be published by PACKT Publishing (planned for early 2011). And the great news is you don’t need to wait until then as it’s a RAW book (Read as we Write).

You can order the book at: https://www.packtpub.com/microsoft-forefront-uag-2010-administrators-handbook/book

I have ordered my copy but the download link was not working at the time. I’ll let you all know when they get it fixed and what I think of the book once I have the first few chapters.

But at least now we have something to work and wait for!

Microsoft Belgium is running a really nice summer campaign at the moment focusing on some key technologies you can spend your precious free moments on.

The topics being covered this summer are: Visual Studio 2010, Silverlight 4, Windows Phone 7, the Windows Azure Platform, Cloud Computing Strategy, SharePoint 2010, Desktop Deployment and Virtualisation. The Visual Studio 2010, Silverlight 4, Cloud Computing Strategy & SharePoint 2010 summer pages are already live, and the others will be coming in August.

Check out the great content at

 

MSDN:

Dutch: http://msdn.microsoft.com/nl-be/ff718229.aspx

French: http://msdn.microsoft.com/fr-be/ff718229.aspx

TechNet :

Dutch: http://technet.microsoft.com/nl-be/default.aspx

French: http://technet.microsoft.com/fr-be/default.aspx