Forefront Unified Access Gateway (UAG) uses the Forefront Threat Management Gateway (TMG) standalone array infrastructure when deploying multiple Forefront UAG servers in an array configuration.
Forefront TMG is automatically installed during Forefront UAG setup.
Benefits of array deployment
Deploying a Forefront UAG array provides the following benefits:
- Ease of management: All Forefront UAG servers that belong to an array share the same configuration. During array deployment, you set one of the array members to act as the array manager. This array manager is the central repository for the array configuration. You make and activate configuration changes on the array manager only, and the updated configuration settings are propagated to all array members.
- Scalability: By grouping multiple Forefront UAG servers into an array in which all servers share the same configuration, you increase the Forefront UAG capacity for throughput and number of users.
- High availability: All array members share the same configuration. If one array member fails, remote users can continue to access sites, portals, and published applications through another array member. If load balancing is enabled for the array, failover is automatic because remote endpoints connect to the array using a virtual IP address.
Forefront TMG provides two types of arrays: enterprise arrays, which use a separate Enterprise Management Server (EMS) for enterprise array management, and standalone arrays. Forefront UAG uses only the Forefront TMG standalone array infrastructure. A Forefront UAG array has the following characteristics:
- The array consists of multiple Forefront UAG single servers joined together into an array configuration.
- All array members share the same configuration, including the same trunks, portals, portal settings, endpoint policies, published applications, authentication servers, permissions, predefined and custom files, and VPN client (SSL network tunneling) settings. Some server-specific settings are maintained, including IP addresses and passwords.
- An array does not require a separately installed server for array management. You configure one of the array members to act as the array manager, and then make configuration and activation changes using the Forefront UAG Management console running on the array manager server.
About load balancing
To implement load balancing across Forefront UAG array members, you can use either an external hardware load balancer or the Windows network load balancing (NLB) functionality that is integrated into Forefront UAG, known as integrated NLB. Using an external hardware load balancer, you can deploy up to 50 servers in an array. Using integrated NLB, a maximum of eight array members is recommended.
Although it is recommended that you load balance traffic across the array, you can configure an array without load balancing, using a separate IP address for each array member. An array without load balancing provides simplified management and an available backup server with a mirrored configuration. However, to provide transparent failover between array members, you need a method of updating name resolution, so that client requests for site and portal names resolve to the IP address of the correct array member.