The Publish Application Wizard helps you to publish internal applications and servers via a Forefront Unified Access Gateway (UAG) portal. This topic provides a summary of the pages and settings available when you run the wizard to publish an application in a portal.

Select Application page

On the Select Application page, you select the application you want to publish in the portal.

Built-in services

Select to publish predefined services and applications, such as File Access and SSL Tunneling (with Network Connector or SSTP).
Web applications

Select to publish applications that use the HTTP or HTTPS protocol, and have a Web interface. You can publish a single Web application, or a farm of backend Web servers.
Client/server and legacy applications

Select to publish applications that use non-Web protocols (protocols other than HTTP or HTTPS). Applications of this type are handled by the SSL Application Tunneling endpoint component.
Browser-embedded applications

Select to publish Web-initiated applications that use a Web-based interface to create a non-Web connection. Applications of this type are handled by the SSL Wrapper endpoint component. You can publish a single browser-embedded application or a farm of backend servers.

Application Setup page

On the Application Setup page, you specify the name and type of the application.

Application name

Specify the name of the application as it will appear on the portal page.
Application type

Specify this value if you are publishing a generic Web application; otherwise, Forefront UAG will determine the application type. If you publish multiple generic Web applications of the same type in a portal, this value should be identical for each application.

Endpoint Security page

On the Endpoint Security page, select the access policies for your application. Note that not all of the policies may be available for some published applications.

Access policy

Select a policy with which endpoints must conform in order to access the published application.
Upload policy

Select a policy with which endpoints must conform in order to upload content associated with the published application.
Download policy

Select a policy with which endpoints must conform in order to download content associated with the published application.
Restricted zone policy

Select a policy with which endpoints must conform in order to gain access to the restricted zone of an application, if one is configured.
Edit Endpoint Policies

Click to modify default Forefront UAG access policies, or to create new policies.

Application Deployment page

If you are publishing a Web application, on the Application Deployment page, specify whether you want to publish a single server or a Web farm.

Publish a Web site

Select this option to publish a single Web application.
Publish a farm of load-balanced Web servers

Select this option to publish a farm of mirrored Web servers.

Web Servers page

If you are publishing a Web application, on the Web Servers page, configure settings for the backend Web server that you want to publish.

Address type

Click IP/Host to identify the Web server with one or more IP addresses or DNS host names. Click Subnet to define multiple IP addresses with a subnet and mask. Click Regular Expression to define multiple IP addresses as an address range in Addresses, using the Regex++ regular expression syntax. For example: [0-9A-Z-]+\.contoso\.com. When you use regular expressions, a corresponding rule is added in Forefront Threat Management Gateway (TMG) to allow traffic from the local host network (the Forefront UAG server) to any server in the Forefront TMG internal network, on the configured port.
Addresses

If you select IP/Host, double-click in the Addresses list to add a value.
Paths

If the Paths list appears, double-click in the list to specify the path of the published application. A path must start with a slash (/) character.
HTTP Port

Specify the port on which the application is published. To use the default port for the application, type Auto. To enable all ports, type All. To disable all ports, leave the field empty. To define multiple ports, use comma-separated entries (for example: 81, 82, 83). To define a range of ports, use a dash (for example: 81-84).
Public host name

If this field appears, specify the URL that the user types to access the Web application. This field is only used for Web applications that support public host names. The public host name must match the server certificate, and reside in the same domain as the public host name of the trunk. If you are publishing a Web farm, the name should be the FQDN of a real host, including the domain name.
Replace host header with the following field

If this field appears, specify a URL to be used to distinguish the internal host name of the application from its public host name. The URL should include the domain in which the trunk is located. For example, if the public host name of the application is HRPortal, and the trunk resides in the domain contoso.com, specify: http://HRPortal-External.contoso.com.
Server farm host

If you are publishing a Web farm, in Server farm host, specify the host name of the Web server farm. This name is used for link translation, IP session affinity, and optionally the HTTP host header.
Use the farm name in the HTTP host header

If you are publishing a Web farm, enable this value to specify that the host name in the HTTP request should be replaced with the farm host name. For the load-balancing method, select the affinity method to be used for Web farm requests.
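
The Address type and HTTP Port fields together decide which backend hosts and ports a published application can reach, so it is worth checking both before saving. The following is an added example, not Forefront UAG code: it expands an HTTP Port value and lists which host names an address regular expression matches beyond the intended ones. Python's re module stands in for Regex++, whole-name case-insensitive matching is assumed, and the function names and host inventory are constructed for illustration.

```python
import re

def parse_ports(field):
    """Expand an HTTP Port value into a set of ports; 'Auto' returns None
    because the application's default port is not known here."""
    text = field.strip().lower()   # keyword case-insensitivity is an assumption
    if text == "":
        return set()               # empty field: all ports disabled
    if text == "auto":
        return None
    if text == "all":
        return set(range(1, 65536))
    ports = set()
    for entry in text.split(","):  # "81, 82, 83" or "81-84"
        low, _, high = entry.strip().partition("-")
        low, high = int(low), int(high or low)
        if not 1 <= low <= high <= 65535:
            raise ValueError(f"invalid port entry: {entry.strip()!r}")
        ports.update(range(low, high + 1))
    return ports

def audit_addresses(pattern, inventory, intended):
    """Return (unintended, missed): hosts the pattern matches beyond the
    intended ones, and intended hosts it fails to match."""
    # Assumption: whole-name, case-insensitive matching; re stands in for Regex++.
    rx = re.compile(pattern, re.IGNORECASE)
    matched = {host for host in inventory if rx.fullmatch(host)}
    return sorted(matched - set(intended)), sorted(set(intended) - matched)

# Constructed sample inventory of host names (not from the page).
INVENTORY = ["hrportal.contoso.com", "payroll-db.contoso.com",
             "hr.dev.contoso.com", "mail-contoso.com"]
INTENDED = ["hrportal.contoso.com"]

PAGE_PATTERN = r"[0-9A-Z-]+\.contoso\.com"  # the example given on this page
UNESCAPED = r"[0-9A-Z-]+.contoso.com"       # same pattern with the dots left unescaped

if __name__ == "__main__":
    for name, pattern in (("page", PAGE_PATTERN), ("unescaped", UNESCAPED)):
        unintended, missed = audit_addresses(pattern, INVENTORY, INTENDED)
        print(name, "unintended:", unintended, "missed:", missed)
    print(sorted(parse_ports("81, 82, 83")), sorted(parse_ports("81-84")))
```

Even the correctly escaped pattern matches every single-label host in contoso.com, so an unintended result is a reason to narrow the expression or switch to the IP/Host address type.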

Connectivity Verifier Settings page

If you are publishing a Web farm, use this page to specify how the state of Web farm members should be detected.

Verification Method

Select the method by which server farm member status will be verified. In order to check server availability, the connectivity verifier resolves farm names and caches the resolution information. If DNS resolution changes for a farm member, this may not be detected by the connectivity verifier, which continues to use cached settings and will consider the farm member as unavailable.
  • Send an HTTP GET request—Click this option to verify the server farm members with an HTTP GET request. In the Request path box, specify the path to be used to determine whether the server farm members are running.

  • Send a Ping request—Click this option to verify the server farm members with a Ping request.

  • Establish a TCP connection—Click this option to verify the server farm members by establishing a TCP connection.

  • In Timeout response threshold, specify the length of time (in milliseconds) that a connectivity verifier will wait for a response from a server.

  • In Successful response threshold, specify the number of consecutive responses that Forefront UAG must receive from the server before the server is considered to be running.

  • In Failed response threshold, specify the number of consecutive responses that Forefront UAG must receive from the server before the server is considered to be down.
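
How the thresholds and the cached name resolution interact is easier to see in a small model. The following is an added example, not Forefront UAG code: it tracks one farm member with consecutive-success and consecutive-failure counters and shows the member being marked down after its DNS record changes. The class, the host name, the addresses, the initial running state and the reading of the failed response threshold as consecutive failed checks are assumptions.

```python
import socket

def tcp_probe(address, port, timeout_ms):
    """'Establish a TCP connection' check; gives up after the timeout threshold."""
    try:
        with socket.create_connection((address, port), timeout=timeout_ms / 1000):
            return True
    except OSError:
        return False

class MemberVerifier:
    """One farm member: address resolved once and cached, state driven by thresholds."""
    def __init__(self, host, resolve, probe, ok_needed, fail_needed):
        self.address = resolve(host)       # cached; never resolved again
        self.probe = probe                 # e.g. lambda a: tcp_probe(a, 80, 3000)
        self.ok_needed, self.fail_needed = ok_needed, fail_needed
        self.ok_run = self.fail_run = 0
        self.running = True                # initial state is an assumption

    def check(self):
        """Run one probe and return whether the member is considered running."""
        if self.probe(self.address):
            self.ok_run, self.fail_run = self.ok_run + 1, 0
            if self.ok_run >= self.ok_needed:
                self.running = True
        else:
            self.ok_run, self.fail_run = 0, self.fail_run + 1
            if self.fail_run >= self.fail_needed:
                self.running = False
        return self.running

def simulate_dns_change():
    """Constructed scenario: web1 moves to a new address after the verifier starts."""
    dns = {"web1.contoso.com": "10.0.0.11"}
    live = {"10.0.0.11"}                   # addresses that currently answer
    verifier = MemberVerifier("web1.contoso.com", dns.get, lambda a: a in live,
                              ok_needed=2, fail_needed=3)
    states = [verifier.check()]            # healthy at the original address
    dns["web1.contoso.com"] = "10.0.0.21"  # the DNS record changes
    live.clear(); live.add("10.0.0.21")    # server now answers only at the new address
    states += [verifier.check() for _ in range(3)]
    return states, verifier.address, dns["web1.contoso.com"]

if __name__ == "__main__":
    print(simulate_dns_change())
```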

Server Settings page

If you are publishing a non-Web server, on the Server Settings page, configure backend server settings. Each application has a unique user interface, depending on the required parameters.

Authentication page

On the Authentication page, specify how clients provide credentials to published backend Web servers that require authentication.

Use single sign-on to send credentials to published applications

Enable this setting to forward credentials (provided by users when accessing the Forefront UAG portal) to backend Web servers.
Select authentication servers

Click Add to select the server or servers that will be used to authenticate users to backend Web servers. To select a server, in the Authentication and Authorization Servers dialog box, select authentication servers in the list, and then click Select. Click Add to add an additional authentication server.
401 request

Select to authenticate users to published Web applications using HTTP 401.
HTML form

Select to authenticate users to published Web applications using an HTML form.
Both

Select to authenticate users with an HTTP 401 and an HTML form. Note that you can also delegate user credentials to backend applications using Kerberos. This setting is not provided in the wizard, but can be configured on the application property pages, after you complete the publishing wizard.

Portal Link page

On the Portal Link page, specify how the application appears in the portal.

Add a portal and toolbar link

Enable this setting to add an application link to the default portal home page and toolbar.
Portal name

If required, modify the name by which the application is defined in the portal. The default is the name you specified on the first page of the wizard.
Folder

Specify a folder or subfolder via which the user can access the application if required. The URL must be an absolute URL (for example, https://www.contoso.com). Note that if you defined the application address using the IP address/Host name address type, the URL that is displayed here is, by default, a combination of the values of the Addresses and Paths fields. Ensure that it is the URL of the application link.
Application URL

Specify the internal entry link URL from the portal to the application. The URL must be an absolute URL (for example, https://www.contoso.com). Note that if you defined the application address using the IP address/Host name address type, the URL that is displayed here is, by default, a combination of the values of the Addresses and Paths fields. Ensure that it is the URL of the application link.
Mobile URL

Specify the internal entry link URL from the mobile portal to the application. The URL must be an absolute URL (for example, https://www.contoso.com/contoso).
Icon URL

Specify the URL of the icon representing the application (displayed in the portal to the left of the application name).
Open in a new window

Enable to specify that the application should open in a new window.

Authorization page

Specify which portal users can access the published application.

Authorize all users

Enable to specify that all remote clients authenticated for portal access can view and access the application. If you clear this check box, you must configure authorization settings for the application.
Users and Groups

In Users and groups, click Add to add users and groups who are authorized to access this portal application. For more information about configuring users and groups, see Implementing users and groups for application authorization.