Microsoft Forefront UAG – How to configure arrays in Forefront UAG (Part 1)

by [Published on 5 Feb. 2013 / Last Updated on 20 May 2013]

In the first part of this article series, the author will show you how to create an array with two Forefront UAG Servers and how to manage them.

If you would like to read the next part in this article series please go to Microsoft Forefront UAG – How to configure arrays in Forefront UAG (Part 2).

Let's begin

In part I of this article series we will start with some basics about the Forefront UAG concepts. After that we will install a Forefront UAG with two Forefront UAG array members.


Get your copy of the German language "Microsoft ISA Server 2006 - Das Handbuch"

Forefront UAG array explained

    A Forefront UAG array is a combination of two or more Forefront UAG Servers combined into one logical unit. An array can consist of a maximum of 50 array members and up to 8 array members if NLB is used. Reasons for deploying an array with Forefront UAG:

    • Scalability - Multiple UAG servers in an array can increase capacity for throughput and number of users
    • Fault tolerance - Multiple UAG servers provide the same configuration for clients accessing the array
    • Failover - If a Forefront UAG array is load balanced with NLB (windows or Hardware Load Balancer) you have one entry point – the VIP (Virtual IP Address) which distributes traffic to all array members. In a non-load balanced array, each array member has a separate IP address – the DIP (Dedicated IP Address) and you must manually configure a Failover for example with DNS round robin

    Each server in a Forefront UAG array shares the same configuration, including trunks, published applications and VPN configuration. Forefront UAG uses a Standalone array which doesn’t requires a dedicated management Server, like the EMS (Enterprise Management Server) in Forefront TMG 2010 Enterprise arrays. The UAG / TMG configuration is stored in a local Active Directory Lightweight Directory Services (AD-LDS) instance, running on the array manager. The UAG array manager is responsible for UAG configuration changes. The configuration changes will be replicated to the other array members. One of the array members is designated as the array manager and the array manager can be manually changed.

    Forefront UAG configuration

    Now it is time to create a new Forefront UAG array.

    Start the Forefront UAG MMC and click - Array Management.


    Figure 1: Start Array Management

    Start the Array configuration wizard.


    Figure 2: Array Management Wizard

    Set this Server as the array manager.


    Figure 3: Array Manager

    Specify Array credentials.


    Figure 4: Credentials

    Add the second Forefront UAG Server to the array. This will allow later the array join from the second Forefront UAG Server.


    Figure 5: Add UAG4 to allow for array join

    Successful array manager configuration.


    Figure 6: Sucessful array join

    Join the second Forefront UAG Server to the array.


    Figure 7: Join array

    Make the second Forefront UAG Server an array member.


    Figure 8: Become a array member

    Add the Server to the array.


    Figure 9: Add to array

    Select the Array Manager (FQDN may be important for successful array join) and enter the credentials for array join.


    Figure 10: Select array manager

    The second Forefront UAG Server joins the array.


    Figure 11: Array join

    After array join it takes a moment until the configuration has been synced. You can see this in the Forefront UAG Activation monitor.


    Figure 12: UAG Activation monitor

    Sucessful array join.


    Figure 13: Successful array join

    The synchronization was successful.


    Figure 14: All in sync

    Forefront UAG management can only be done from the Forefront UAG Array manager.


    Figure 15: UAG Administration only from array manager

    If you want to change the array manager you can use the array manager wizard in the Forefront UAG console on the array manager.


    Figure 16: UAG array management

    Please, keep also an eye on the Forefront TMG configuration. Forefront UAG also synchronizes the configuration with the underlying Forefront TMG installation.


    Figure 17: TMG configuration synchronized

    Before we are able to change the trunk configuration in the Forefront UAG MMC to add the second Forefront UAG array member, we must export all required certificates with the private key (.PFX) option on the first Forefront UAG array member. These certificates must be imported with the private key option in the local computer certificate store on the second Forefront UAG array member. If you are unsure which certificates must be exported / imported, start the UAG console and compare the thumbprint in the console with the certificate in the certificate MMC.


    Figure 18: Export certificate and import on the other array member

    Now, it is time to change the external site address for the portal trunk in the Forefront UAG console. Start the console and select the required public IP address of the second Forefront UAG array member.


    Figure 19: Select IP addresses for portal

    Save the Forefront UAG configuration and activate the configuration.


    Figure 20: Activate configuration

    After the activation has been successful, you can see the Forefront UAG array status in the Forefront UAG Web Monitor.


    Figure 21: UAG Web Monitor – Array Monitor

    Conclusion

    In this first article we discovered the steps that are necessary to create a Forefront UAG with two Forefront UAG Servers. In the next article we will be talking about how to implement Network Load Balancing (NLB) for a Forefront UAG array.

    Related links

    If you would like to read the next part in this article series please go to Microsoft Forefront UAG – How to configure arrays in Forefront UAG (Part 2).

    The Author — Marc Grote

    Marc Grote avatar

    Marc Grote is an MCSA/MCSE Messaging & Security, MCSE Private Cloud and Server Virtualization, an MCTS/MCITP and a Microsoft Certified Trainer and MCLC. He is a freelance Consultant and IT Trainer in the north of Germany near Hanover. He specializes in System Center, TMG/UAG Server, Exchange, Security for Windows Server 2012 R2 and Windows Server 2012 R2 designs, migrations and implementations. His efforts have earned him recognition as a Microsoft MVP for ISA Server since 2004 until 2014. Starting in 2014 he has been awarded as an MVP for Hyper-V.

    Latest Contributions

    Advertisement

    Featured Links