If Forefront Unified Access Gateway (UAG) is not already installed, use the following procedure to install Forefront UAG as a DirectAccess server. Before you begin, review the prerequisites for deploying Forefront UAG, described in Forefront UAG DirectAccess prerequisites for SP1.

To install Forefront UAG DirectAccess

  1. Install Windows Server 2008 R2 Standard or Windows Server 2008 R2 Enterprise edition on a server computer with two physical network adapters.

  2. Join the server to an Active Directory domain.

  3. On the server, install a computer certificate that will be used for IPsec authentication, and a Web certificate that will be used by the IP-HTTPS Web listener.

  4. Configure the Forefront UAG DirectAccess server to be inside the perimeter network, with one network adapter connected to the Internet and at least one other network adapter connected to the intranet.

  5. Verify that the ports and protocols (listed in Forefront UAG DirectAccess prerequisites for SP1) are open on any internal or Internet-facing firewalls.

  6. The DirectAccess server requires at least two consecutive, public static IPv4 addresses that are assigned to an FQDN which is externally resolvable. (Note that addresses in the ranges 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16 cannot be used to simulate the Internet, even in a lab environment.)

  7. Install a network location server with high availability, and install the IIS role on the server. You can use any internal HTTPS server, but it must have high availability and should not be accessible from the Internet.

    Warning:
    You must not configure your Forefront UAG DirectAccess server or your domain controller as the network location server.

  8. Install Forefront UAG. For instructions, see Installing SP1 for Forefront UAG 2010.

  9. Using the Forefront UAG Getting Started Wizard, designate one of the server network adapters as the Internet-facing interface, and the other as the internal network-facing interface. The Internet-facing interface requires two consecutive, public IPv4 addresses. Both IPv4 addresses must be assigned to the same interface.

  10. After completing the installation of Forefront UAG, before you begin the Forefront UAG DirectAccess Configuration Wizard, it is recommended that you read the following prerequisite topics:

Next Steps

The first step of the Forefront UAG DirectAccess Configuration Wizard is to choose a deployment model as described in Selecting a deployment model in SP1.

Tip:
For a list of all the configuration steps you need to do after installing Forefront UAG DirectAccess, see Implementing a core Forefront UAG DirectAccess deployment for SP1.
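
A pre-flight check for the addressing rule in steps 6 and 9 of the procedure (two consecutive IPv4 addresses, neither in the private ranges listed there), as an added PowerShell example that is not part of the original procedure or of any Forefront UAG tooling. The function names and the sample addresses are constructed for illustration.

```powershell
# Added example, not from the original page. Function names and sample
# addresses are constructed for illustration.

# Private ranges that step 6 says cannot be used on the Internet-facing adapter.
$PrivateRanges = @(
    @{ Name = '10.0.0.0/8';     First = '10.0.0.0';    Last = '10.255.255.255' },
    @{ Name = '172.16.0.0/12';  First = '172.16.0.0';  Last = '172.31.255.255' },
    @{ Name = '192.168.0.0/16'; First = '192.168.0.0'; Last = '192.168.255.255' }
)

function ConvertTo-IPv4Number {
    param([string]$Address)
    $ip = [System.Net.IPAddress]::Parse($Address)
    if ($ip.AddressFamily -ne [System.Net.Sockets.AddressFamily]::InterNetwork) {
        throw "$Address is not an IPv4 address"
    }
    $n = [long]0
    foreach ($octet in $ip.GetAddressBytes()) { $n = ($n * 256) + $octet }
    return $n
}

function Test-DirectAccessExternalAddresses {
    param([string]$First, [string]$Second)
    $problems = @()
    $n1 = ConvertTo-IPv4Number $First
    $n2 = ConvertTo-IPv4Number $Second
    # Consecutive means the numeric values differ by exactly one.
    if ([math]::Abs($n1 - $n2) -ne 1) {
        $problems += "$First and $Second are not consecutive"
    }
    foreach ($addr in @($First, $Second)) {
        $n = ConvertTo-IPv4Number $addr
        foreach ($r in $PrivateRanges) {
            $lo = ConvertTo-IPv4Number $r.First
            $hi = ConvertTo-IPv4Number $r.Last
            if ($n -ge $lo -and $n -le $hi) {
                $problems += "$addr is in private range $($r.Name)"
            }
        }
    }
    return ,$problems   # always an array; empty when both checks pass
}

# Constructed sample input: a documentation-range pair and a private, non-consecutive pair.
foreach ($pair in @(@('203.0.113.10', '203.0.113.11'), @('192.168.1.10', '192.168.1.12'))) {
    $found = Test-DirectAccessExternalAddresses $pair[0] $pair[1]
    if ($found.Count -eq 0) { "$($pair -join ', '): OK" }
    foreach ($p in $found) { "FAIL: $p" }
}
```

The check covers only the address values; whether both addresses are bound to the same adapter and whether the FQDN resolves externally still have to be confirmed on the server and from outside the network.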