nAppliance Networks Blog

Archive - 2012

Date

May 2nd

Single Sign-on for Office365 with Forefront TMG

Posted Wed, 05/02/2012 - 13:40 by lan

Single Sign-on for Office365 with Forefront TMG

In my first contribution to the Forefront Security blog, I will explain how to extend the Office 365 single sign-on experience to remote users by publishing ADFS 2.0 with Forefront TMG.   

(Single sign-on allows users to use their corporate (Active Directory) user ID and password in order to access Office 365 services located in the cloud).

With this advanced deployment option, Forefront TMG is used in preference to a Federation Server Proxy

LAB Overview

 Office 365 Network Map

April 6th

Can I use the Mac OS to create a Remote Desktop connection published through the UAG?

Posted Fri, 04/06/2012 - 16:05 by inder

Most of our customers who have UAG appliances deployed also have a few Mac machines in their organizations and the issue of whether remote desktop connections can be used is something which comes up frequently on sales or technical calls.

March 15th

Hotfix available for the Remote Desktop Services’ ‘Maximum Connections Reached’ error in UAG

Posted Thu, 03/15/2012 - 15:37 by inder


Your computer can't connect to the remote computer because the Remote Desktop Gateway server reached its maximum allowed connections. Try reconnecting later or contact your network administrator for assistance

March 8th

Adding OTP AUthentication to the UAG DirectAccess Deployment

Posted Thu, 03/08/2012 - 17:05 by inder

DirectAccess is a seamless way to connect to company resources without dialing or logging into any other server. The default configuration of the DirectAccess uses Kerberos and certificates to create IPsec tunnels for a secure connection. So, how does it work? Well, the user connects their Windows 7 machine to the internet and machine creates the first IPsec tunnel, called the “Infrastructure Tunnel,” with the DirectAccess server.

February 28th

Application Publishing in TMG

Posted Tue, 02/28/2012 - 22:04 by inder

One of many good features in Microsoft TMG is the ability to publish internal web based and non-web based applications on the internet for corporate users to access remotely. Users can access applications such as Outlook Web Access, SharePoint, CRM, RDP, and Citrix as they are published through the Microsoft TMG server. There are two types of publishing in the TMG:

  • Web server publishing
  • Server publishing or non-web server publishing

To have a stable and successful setup, it is essential to plan every deployment. Before publishing any applications, you need to take into account various aspects of the deployment. The table below shows the requirements for both kinds of publishing rules in TMG:

February 10th

SharePoint publishing through TMG vs. UAG: Capabilities and Benefits

Posted Fri, 02/10/2012 - 16:54 by inder

Many of our customers wonder if it is better to use TMG or UAG for Sharepoint publishing, or whether either should be used at all. The answer, while not complex, involves some consideration of the relative capabilities and benefits of both pieces of software. In this post we will try to outline the key differences which will answer these questions. This post will give you a high level overview of the basic differences between the two.

February 5th

We aren’t IPv6-ready yet, what do we need to deploy DirectAccess?

Posted Sun, 02/05/2012 - 10:50 by inder

Every IT manager, when deciding on a strategy for deploying DirectAccess for their corporate users, has the following questions on their mind about IPv6:

January 28th

When you have no excuse to not deploy Microsoft DirectAccess

Posted Sat, 01/28/2012 - 15:14 by inder

As we have described in a previous blog post, Microsoft DirectAccess has many benefits over traditional VPN: http://www.nappliance.com/blog/nappliance-nuag-and-directaccess-better-together.

January 19th

What role does DNS64 and NAT64 play in UAG Direct Access?

Posted Thu, 01/19/2012 - 17:28 by inder

By now, most of us know what DirectAccess is. For those who don’t, Direct Access is a revolutionary VPN technology which was introduced in Windows Server 2008 R2. It provides seamless connectivity to corporate resources without requiring any dial-up or VPN. DirectAccess connectivity is based on IPsec, IPV6, and transition technologies like Teredo, 6to4, IP-HTTPS, and ISATAP. In DirectAccess, the IPv6 traffic is encapsulated in an IPv4 packet and is then sent across the internet, after which the DirectAccess server reads the IPv6 headers and executes it.

January 13th

Best practices when deploying TMG URL Filtering

Posted Fri, 01/13/2012 - 18:33 by inder

Microsoft Threat Management Gateway 2010 brings a lot of new and enhanced features to edge network security. Ever since Microsoft started with Proxy Server 2.0, and then ISA Server, URL filtering has always been something which administrators have wanted. Every company has their own IT policies and most companies want to restrict their users from visiting inappropriate or unsafe websites during their office hours from company-owned machines.