Forefront Unified Access Gateway (UAG) uses the Forefront Threat Management Gateway (TMG) standalone array infrastructure when deploying multiple Forefront UAG servers in an array configuration.

Forefront TMG is automatically installed during Forefront UAG setup.

Benefits of array deployment

Deploying a Forefront UAG array provides the following benefits:

  • Ease-of-management─All Forefront UAG servers that belong to an array share the same configuration. During array deployment, you set one of the array members to act as the array manager. This array manager is the central repository for the array configuration. You make and activate configuration changes on the array manager only, and the updated configuration settings are propagated to all array members.

  • Scalability─By grouping multiple Forefront UAG servers into an array in which all servers share the same configuration, you increase the Forefront UAG capacity for throughput and number of users.

  • High availability─All array members share the same configuration. If one array member fails, remote users can continue to access sites, portals, and published applications, provided by another array member. If load balancing is enabled for the array, failover is automatic as remote endpoints connect to the array using a virtual IP address.

About arrays

Forefront TMG provides two types of arrays; enterprise arrays that use a separate Enterprise Management Server (EMS) for enterprise array management, and standalone arrays. Forefront UAG uses only the Forefront TMG standalone array infrastructure, and has the following characteristics:

  • The array consists of multiple Forefront UAG single servers joined together into an array configuration.

  • All array members share the same configuration, including the same trunks, portals, portal settings, endpoint policies, published applications, authentication servers, permissions, predefined and custom files, and VPN client (SSL network tunneling) settings. Some server-specific settings are maintained, including IP addresses and passwords.

  • An array does not require a separately installed server for array management. You configure one of the array members to act as the array manager, and then make configuration and activation changes using the Forefront UAG Management console running on the array manager server.

About load balancing

To implement load balancing across Forefront UAG array members, you can use either an external hardware load balancer or the Windows network load balancing (NLB) functionality that is integrated into Forefront UAG, known as integrated NLB. Using an external hardware load balancer, you can deploy up to 50 servers in an array. Using integrated NLB, up to eight array members is recommended.

Although it is recommended that you load balance traffic across the array, you can configure an array without load balancing, using separate IP addresses for each array member. An array without load balancing provides simplified management, and an available backup server with a mirrored configuration. However, to provide transparent failover between array members, you need a method of updating the name resolution, so that client requests for site and portal names resolve to the IP address of the correct array member.