Allowing remote client access

Published: January 11, 2010

Updated: July 31, 2012

Applies To: Unified Access Gateway

This topic answers the questions that you should ask when planning to deploy Forefront Unified Access Gateway (UAG) endpoint components on client endpoints.

What applications do you want to publish?

To design a solution that allows clients to access applications and resources remotely, you must first define the applications and resources that they will access. Forefront UAG can allow access to a large number of applications and resources within the following categories:

  • Built-in services—Services such as File Access.

  • Web applications—Applications that use the HTTP or HTTPS protocols and a web interface.

  • Client/server and legacy applications—Applications that use non-HTTP/HTTPS protocols.

  • Browser-embedded applications—Web-initiated applications that use a web-based interface to create a non-web connection.

Different applications require different endpoint components. For example, client/server and legacy applications require you to use the SSL Application Tunneling component, whereas web applications may require only the Endpoint Session Cleanup component.

For further information on planning application publishing and securing your applications, see Publishing planning guide and Securing remote access.

Who are the clients and what are their limitations?

Although Forefront UAG can provide remote access to several operating systems and web browsers, the user experience may differ depending on the operating system and the web browser that is on the client endpoint. For a full list of supported operating systems and web browsers, see System requirements for Forefront UAG client devices.

How do you install the components on the client endpoint?

There are three options for installing Forefront UAG client endpoint components:

  • Install the endpoint components on demand when a client accesses the portal (online installation mode)—This is useful when there are a number of different applications and resources published through the portal. As a client accesses a particular application or resource, the required endpoint components are downloaded and installed.

    Online installation mode is suitable for end-users who have ActiveX download rights in Windows Internet Explorer and are logged in with administrator privileges. In this mode, as soon as users try to access the site, before logging in, Forefront UAG downloads the Component Manager to their endpoints. After the Component Manager is installed on the client endpoint, each time the user accesses the site it determines which of the remaining components are needed, and then installs them.

    By default, the following components are installed automatically:

    • Endpoint Session Cleanup.

    • Client Trace utility.

    • Endpoint Detection.

    If required, you can configure other components that will be installed automatically.

    The remaining components are installed as required. For example, when the user accesses a non-web application for the first time, the Component Manager installs the SSL Application Tunneling component.

    By default, each portal or application that you publish automatically installs the endpoint components, unless you specifically change the setting to disable component installation and activation.

  • Install the endpoint components using an offline installer—This deployment method uses the Client Components Installer and is useful for end-users who do not have ActiveX download rights in Windows Internet Explorer, and are logged in with administrator privileges. It can also be used on browsers other than Internet Explorer, by end-users who are logged in with administrator privileges, to install the SSL Network Tunneling (Network Connector) component.

    In this mode, users can download an auto-install file to their computer by using either an “installer” toolbar button or a link on the portal homepage. They can then log out of the site and use this file to install the components in an offline mode.

  • Install the endpoint components using an offline installation file—This method installs the client endpoint components using a download file, and is used for end-users who do not have ActiveX download rights in Windows Internet Explorer and are non-privileged (guest/user) users. In this setup, the administrator must log in to the endpoint computer with power-user or Administrator privileges and install the components before the user accesses the site.