This topic describes the design consideration when deploying Web servers for Forefront UAG DirectAccess.

You need Web locations for the following resources:

The intranet and Internet CRL distribution points can also be based on a universal naming convention (UNC) path of a file server.
When the IP-HTTPS certificate is issued by a 3rd party certification authority, you should use the Internet based CRL of the 3rd party.

In all of these cases, the Web server providing these resources must be highly available. If these resources cannot be reached, the following occurs:

For information on Internet Information Services (IIS)-based Web servers, see Planning Redundancy for a Network Location Server and Planning Redundancy for CRL Distribution Points for information about high availability for Web servers.