Forefront UAG: About Trunks

Using Forefront UAG trunks, you can publish corporate applications for access by a wide range of remote endpoint devices.

Provides:

  • A transfer channel through which you publish applications and resources
  • Remote access to a single corporate Web application
  • Remote access to multiple corporate applications through a Web portal
  • Secure and controlled access to corporate resources for remote endpoint devices

Characteristics:

  • Each trunk has a unique listener (IP address and port combination)
  • A trunk can only listen on standard HTTP and HTTPS ports
  • A trunk connects to backend servers published via the trunk using an HTTP or HTTPS connection
  • A trunk can receive requests from endpoint devices over HTTP or HTTPS
  • You can create a portal for a trunk (either using the default UAG portal page or a customized portal page)
  • You can publish multiple applications via a trunk. Endpoint devices type the host name of the trunk portal in a browser to connect.
  • You can use authorization to restrict access to portal applications to specific users and groups only
  • You can publish a single Web application in a trunk. Endpoint devices type the application-specific host name to connect to the application.
  • In an array of UAG servers, all array members share the same trunks. For load balanced traffic, each trunk has a unique VIP. Traffic arriving at the trunk can be served by any array member.

Deployment:

To deploy a trunk you:

  • Create an HTTP or HTTPS trunk using the New Trunk Wizard. HTTPS trunks need a server certificate to authenticate the UAG server to clients connecting to the trunk.
  • You can publish the following via a trunk: a number of Web applications, non-Web applications, remote VPN access to the corporate network, and remote access to internal file servers and shares
  • You can control access to a trunk by:
    • Authenticating clients for trunk access
    • Verifying endpoint device health against UAG access controls or NAP policies
    • Authorizing users and groups for access to specific portal applications
  • After creating a trunk with the wizard, you can configure trunk property pages including: IP addresses, public host name, session authentication requirements, anonymous access, session settings, logoff settings, access policies, traffic inspection

Operations:

Managing a trunk consists of:

  1. Adding and removing applications from a trunk portal
  2. Defining infrastructure servers used by the trunk - including certificates, NPS servers, and authentication servers
  3. Tweaking trunk settings
