Introduction to endpoint component deployment design

Updated: February 15, 2013

Applies To: Unified Access Gateway

Some of the Forefront Unified Access Gateway 2010 SP3 features discussed in this article may be deprecated and may be removed in subsequent releases. For a complete list of deprecated features, see Features Deprecated in Forefront UAG SP3.

This topic provides an overview of endpoint components, and how they are used in your endpoint component deployment in Forefront Unified Access Gateway (UAG).

When designing your endpoint component deployment, make sure you know which applications will be published through the Forefront UAG server, because different types of applications require the use of different endpoint components.

About endpoint components

Forefront UAG installs client components on client endpoints to enable Forefront UAG remote access features. Different remote access features require different client components on the client endpoint. As soon as the client endpoint attempts to access a Forefront UAG site, Forefront UAG attempts to determine which client components are installed and running on the endpoint computer. Detection is performed by the Forefront UAG Endpoint Detection component that is installed on the client endpoint. The Endpoint Detection component verifies the identity of the Forefront UAG site against the site’s server certificate, and checks whether the site is on the client endpoint’s Trusted Sites list. Only if the site is trusted, can the component run on the client endpoint, and collect the data that identifies settings and features on the client endpoint, and identify which client components are installed and running on the computer.

The Forefront UAG endpoint components that are installed on client endpoints to enable Forefront UAG features and functionality, include:

  • Forefront UAG Endpoint Component Manager—Downloads, installs, manages, and removes all the Forefront UAG endpoint components. There are two versions of this component: ActiveX and Java Applet.

  • Forefront UAG Endpoint Session Cleanup—There are two versions of this component: ActiveX and Java Applet. For more information, see About the Endpoint Session Cleanup component.

  • Forefront UAG Endpoint Detection —There are two versions of this component: ActiveX and Java Applet. For more information, see About the Endpoint Detection component.

  • Non-Web tunneling—Several components are used to provide SSL tunneling capabilities. For more information, see About SSL tunneling.

    The SSL tunneling components are:

When a user first accesses the Forefront UAG site, Forefront UAG detects whether it can install the client components on the endpoint computer, according to the prerequisites described in Who are the clients and what are their limitations?.

Note the following:

  • On endpoint computers that meet these prerequisites, the Forefront UAG Component Manager installs only the client components required by the published application.

    By default, the following components are installed automatically:

    • Forefront UAG Endpoint Session Cleanup

    • Client Trace utility

    • Forefront UAG Endpoint Detection

  • On client endpoints that do not meet these prerequisites, the Forefront UAG client components are not installed.

Note

In cases where the SSL Application Tunneling ActiveX component is not installed and cannot be installed on a client endpoint, when the client endpoint attempts to access a non-Web application, the SSL Application Tunneling Java applet runs to enable access to the application. The Java applet provides SSL Tunneling functionality only, and does not enable any of the other features that are enabled by the Forefront UAG client components, such as client endpoint detection, Forefront UAG Endpoint Session Cleanup, Socket Forwarding, or SSL Network Tunneling.