Documenting your Forefront UAG DirectAccess design will help you explain the infrastructure and policy decisions, and record the results of the deployment phases of your project. This topic is designed to help you create a document that describes your goals and proposed timeline. At the end of each phase of your Forefront UAG DirectAccess deployment, document your design according to the following:
- Concepts
- Goals
- Infrastructure design plan
- Custom configuration plan
- Integration strategy
- Staging strategy
Concepts
Provide a brief description of how Forefront UAG DirectAccess works, or use the following description:
Forefront UAG DirectAccess gives users the experience of being seamlessly connected to their corporate network (intranet) any time they have Internet access. Forefront UAG DirectAccess enables users to access intranet resources (such as e-mail servers, shared folders, or intranet Web sites) securely without connecting to a virtual private network (VPN). Forefront UAG DirectAccess provides increased productivity for the mobile workforce by offering the same connectivity experience both in and out of the office. Forefront UAG DirectAccess is supported on Windows 7 Ultimate, Windows 7 Enterprise or later, and Windows Server 2008 R2 or later.
Goals
List your reasons for deploying Forefront UAG DirectAccess and state how your design plan will achieve these goals. Also, provide the following:
- Benefits—Describe the pre-deployment state of the network and the benefits you expect to see as a result of the Forefront UAG DirectAccess deployment.
- Requirements—List what is required to achieve your goals. Examples include operating system updates, equipment purchases, training, cross-team collaboration, and project schedules.
- Progress—Describe your current progress.
For more information, see Identifying your Forefront UAG DirectAccess deployment goals.
Infrastructure design plan
List the names and locations of servers and other devices that you will use in your Forefront UAG DirectAccess deployment. Include current and future plans. Provide the following details:
- IPv6 connectivity—Describe how you deployed IPv6 connectivity across your intranet. Include details on routers, default routing design, and IPv6 Internet connectivity.
- Servers, devices, and roles—List all servers and devices, including their roles, in your Forefront UAG DirectAccess design. Include computers and other devices used for Forefront UAG DirectAccess certificate validation and connectivity.
- Packet filtering—List the packet filters configured on Internet and intranet firewalls, across intranet hosts, and for DirectAccess clients.
- Capacity management and redundancy—Describe your expectations for capacity management and redundancy in the Forefront UAG DirectAccess design.
- Scaling plan—Describe changes that will be required to support the expansion of the Forefront UAG DirectAccess deployment to include additional capacity.
Custom configuration plan
Use this section to document how you customized the default configuration of Forefront UAG DirectAccess to implement specific requirements on your network.
- Baseline configuration—List the steps in the Forefront UAG DirectAccess Configuration Wizard and the options selected for your initial configuration.
- NRPT rules—List any additional Name Resolution Policy Table (NRPT) rules for intranet namespaces or exemptions that you needed for your deployment.
- Connection security rules—List any changes made to the default connection security rules in the form of Network Shell (Netsh) commands, including the Group Policy object, the rule name, and the changes made.
Integration strategy
Describe your design for integrating Forefront UAG DirectAccess with the following technologies and solutions:
- VPN—Describe the changes made to your VPN configuration to accommodate Forefront UAG DirectAccess detection of the intranet when connected, and for third-party VPN clients.
- Network Access Protection (NAP)—Describe the changes to Forefront UAG DirectAccess settings and connection security rules for Network Access Protection (NAP) health evaluation and enforcement of DirectAccess connections.
- Server and domain isolation—Describe changes made to your existing server and domain isolation deployment to accommodate DirectAccess client connectivity to intranet resources.
Staging strategy
Describe how you staged the deployment of Forefront UAG DirectAccess in your organization. Include the following information:
- Staging milestones—List the set of infrastructure and deployment milestones and their requirements.
- Timeline—Provide details of your proposed timeline to deploy Forefront UAG DirectAccess on your intranet. Include your initial timeline and any deviation from that timeline.
- Staging results—Provide the results for each stage of your Forefront UAG DirectAccess deployment.
- Trends—Describe any trends in connectivity issues encountered.