Tuesday, 27 May 2014

Install and Configure UAG 2010 - Part 1

In this post, I'm going to show you how to install and configure a UAG array.
Here is some information about my setup.
  • 2 UAG servers with 2 NICs per server, named UAG01 and UAG02. You must use 2 NICs because deploying Forefront UAG with a single network adapter is not supported. Refer to http://technet.microsoft.com/en-us/library/dd903051.aspx for the UAG system requirements. Both UAG servers need to be joined to the domain.
  • Both UAG servers will be load balanced by a hardware load balancer (HLB). I will not show the HLB configuration here.
  • A SAN certificate which will be used for OWA, EAS, OA & RMS publishing. I'm using a certificate issued by DigiCert. Example SAN names: mail.external.com; autodiscover.external.com; rms.external.com

Pre-Requisite
Step 1:
It's recommended to rename the NICs to meaningful names. In our case, name the first NIC External and the second NIC Internal.
The Internal NIC connects to the trusted environment. This could be the LAN, or a private DMZ if using an intranet/back firewall setup.
The External NIC connects to the untrusted environment. This could be the Internet connection if using an edge deployment, or a public DMZ if using an existing edge/front firewall.
After renaming both NICs, configure their properties as follows:
Internal NIC
  • Default Gateway should not be defined
  • DNS Servers should be defined
  • Client for Microsoft Networks binding – Enabled
  • File and Print Sharing for Microsoft Networks binding – Enabled
  • Register this connection’s address in DNS – Enabled
  • Enable LMHOSTS Lookup – Disabled
  • NetBIOS over TCP/IP – Default
External NIC
  • Default Gateway should be defined
  • DNS Servers should not be defined
  • Client for Microsoft Networks binding – Disabled  
  • File and Print Sharing for Microsoft Networks binding – Disabled
  • Register this connection’s address in DNS – Disabled
  • Enable LMHOSTS Lookup – Disabled
  • NetBIOS over TCP/IP – Disabled
Edit the NIC binding order so that the Internal NIC is at the top, in a higher position than the External NIC.
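To confirm the TCP/IP settings listed above on each server, the following PowerShell check can be run on UAG01 and UAG02. It is an added example, not part of the original post: it assumes the NICs have been renamed Internal and External as described, reads the settings through WMI, and does not cover the two Microsoft Networks bindings or the binding order, which still need to be checked in the adapter properties.

```powershell
# Added example: compares each NIC's TCP/IP settings with the lists above.
# Assumes the NICs are named "Internal" and "External" (as renamed in Step 1).
# TcpipNetbiosOptions values: 0 = Default, 1 = Enabled, 2 = Disabled
$expected = @{
    'Internal' = @{ Gateway = $false; Dns = $true;  RegisterDns = $true;  LmHosts = $false; NetBios = 0 }
    'External' = @{ Gateway = $true;  Dns = $false; RegisterDns = $false; LmHosts = $false; NetBios = 2 }
}

function Test-UagNic {
    param([string]$Name, [hashtable]$Want)

    # Find the adapter by its connection name, then load its IP configuration.
    $adapter = Get-WmiObject Win32_NetworkAdapter -Filter "NetConnectionID='$Name'"
    if (-not $adapter) { Write-Warning "NIC '$Name' not found"; return }
    $cfg = Get-WmiObject Win32_NetworkAdapterConfiguration -Filter "Index=$($adapter.Index)"

    # Reduce each setting to the same form used in $expected.
    $actual = @{
        Gateway     = [bool]$cfg.DefaultIPGateway          # any gateway defined?
        Dns         = [bool]$cfg.DNSServerSearchOrder      # any DNS server defined?
        RegisterDns = [bool]$cfg.FullDNSRegistrationEnabled
        LmHosts     = [bool]$cfg.WINSEnableLMHostsLookup
        NetBios     = [int]$cfg.TcpipNetbiosOptions
    }

    # Emit one result row per setting so mismatches are easy to spot.
    foreach ($key in $Want.Keys) {
        New-Object PSObject -Property @{
            Nic      = $Name
            Setting  = $key
            Expected = $Want[$key]
            Actual   = $actual[$key]
            Ok       = ($Want[$key] -eq $actual[$key])
        }
    }
}

$expected.Keys |
    ForEach-Object { Test-UagNic -Name $_ -Want $expected[$_] } |
    Sort-Object Nic, Setting |
    Format-Table Nic, Setting, Expected, Actual, Ok -AutoSize
```

Any row with Ok = False points to a setting that differs from the lists above; a DNS server or enabled NetBIOS on the External NIC is the case most worth correcting before the server is exposed to the untrusted network.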

Step 2:

  • Join both UAG servers to the domain as member servers.
  • Add the domain\uagadmin domain account to the local Administrators group on both UAG servers.


Step 3:
Install the certificate on both UAG servers.
1. Navigate to Start > Run and enter mmc


2. Click File menu > Add/Remove Snap-in

3. Select Certificates and click Add

4. Select Computer account and click Next

5. Select Local Computer and click Finish

6. Click OK

7. Expand Certificates (Local Computer) > Personal > Certificates. Right-click Certificates > choose All Tasks > Import

8. On the welcome page, click Next

9. Browse for the certificate

10. Enter the password

11. Click Next

12. Click Finish

13. Click OK

14. The certificate has been imported into UAG01

15. Repeat step 1 to step 13 for UAG02.
