UAG Configuration for roaming employee access to SharePoint

Posted on 2012-09-18
Last Modified: 2012-11-17
We would like to improve the roaming access to Juniper VPN for our users out on the road - including making sites available from iPhone and iPad.

We use claims based authentication for our 2 SharePoint web front ends which then go to an F5 before hitting our WAN and domaain.
UAG has been a solution proposed by Microsoft and others and I am  assuming that we would need a windows server stood up in front of the F5 with one network into the F5 and then one network on the public internet.
I guess we probably also need an additional network for management of the UAG.

So UAG server with 3 interfaces
 - Public IP (does this need to be one or two sequential IP addresses and is it best if this is directly on the pubic IP range or should this be behind the firewall with a NAT)

 - Management IP (so we can remote and configure the UAG)

- IP address for UAG to SharePoint (UAG->F5->SharePoint)

Is this the correct way to do this?
Does anyone have any suggestions for vendors with UAG expertese in the Bay Area that could help us with this work?
Question by:blods
    1 Comment
    LVL 35

    Accepted Solution

    a.) The external IP can be one or two, depends how the sites are named and the authentication type. As the IP as a HTTP / HTTPS Listener, the general rule is ...
    All published sited can use the same IP, as long as they can be seperated by the URL and use the same authentication type.

    If you assign an external IP to UAG, you may route the traffic through the F5. If you produce a double NAT, it can produce some interesting effects. But doesn't mean, that is doesn_t work.

    2.) If you need a seperate config network, depends from where you want to configure and if it is a stand alone or "clustered" solution with a configuration storage.

    3.) The internal IP, either from the internal network or a seperate Network between UAG and Sharepoint.

    4.) I'm a bit far away, nevertheless remote works at anytime.

    Featured Post

    Highfive Gives IT Their Time Back

    Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

    Join & Write a Comment

    Suggested Solutions

    Microsoft's ISA Server has been its pre-eminent security product for about a decade and is still regarded amongst the well-informed as one of the best software firewalls and application gateways ever released, by any manufacturer. ISA Server has bee…
    There are several problems reported according slow link speeds or poor performance in TMG 2010, UAG 2010 or ISA 2006. I want to collect here some of the common issues together to give a brief overview what can be the reason. Nevertheless, not all of…
    It is a freely distributed piece of software for such tasks as photo retouching, image composition and image authoring. It works on many operating systems, in many languages.
    Illustrator's Shape Builder tool will let you combine shapes visually and interactively. This video shows the Mac version, but the tool works the same way in Windows. To follow along with this video, you can draw your own shapes or download the file…

    729 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    19 Experts available now in Live!

    Get 1:1 Help Now