- Mastering Microsoft Forefront UAG 2010 Customization
- Erez Ben-Ari Rainier Amara
- 890字
- 2021-08-20 15:46:51
What can you customize?
Virtually every aspect of UAG's operation can be customized to some degree, but generally speaking, the customizable framework is spread across the following core categories:
- Look and feel
- Clients, endpoint detection, and policies
- Application templates
- Authentication to UAG
- Authentication to backend applications
- Application and data flow
Look and feel
Customizing the look and feel refers to anything that has to do with what the user and/or administrator sees. This includes altering the text and graphics displayed by the portal, customizing application icons, changing the layout, setting the server to display additional data to the administrator or the user, and so on.
For example, some companies are perfectly happy with just a simple change from the default blue UAG color scheme, and at a push maybe even apply some subtle text changes plus a company logo, but for others you'll see nothing short of a complete rework, where frontend and portal pages have been entirely customized into stunning works of creativity.
Other look and feel customizations could be geared towards improving the user experience itself, such as by including some basic help or even a portal quick FAQ page, service messages or disclaimers, and of course, extending UAG's language capabilities to beyond those of the default predefined language set.
Needless to say, this makes for a completely tailored experience where the potential here is limited only by your imagination.
Clients, endpoint detection, and policies
The default endpoint policies included in UAG can be tailored to the organization's needs using a GUI-based editor and a script-based editor. However, these are often misunderstood, and we will take the opportunity to elaborate on these here. Additionally, UAG comes with an elaborate detection script that collects over 300 parameters from endpoints, but this too can be extended to collect additional info. This provides the organization with the ability to dictate special requirements, thus providing increased security for endpoint filtering and control.
Additionally, UAG allows you to customize and control which endpoint components are installed on clients, and this provides for a better user experience, as it can reduce the number of browser restarts and client reboots that result in incremental installation of components.
Application templates
While UAG comes with over 30 individual application templates, many organizations find that their specific application requires certain tweaks to the templates to work perfectly. Additionally, one can create custom templates to perform certain automations or tasks, such as manipulation of registry settings on the client. This section of the book will detail the process of creating custom applications, and useful changes one could undertake to make life better.
Authentication to UAG
One of UAG's strengths is authentication and this alone makes it one of the most versatile products available today. Out of the box, it can talk to thousands of applications, and similarly can also integrate with dozens of directory types, from simple LDAP implementations and Radius backends through to the more service-oriented Claims-based architectures. However, enforcing security in the large heterogeneous environment is easier said than done. Quite often you'll find that many of these organizations employ multiple systems or custom authentication schemes (such as elaborate smartcard or certificate-based authentication) to control and restrict access into the multitude of systems and applications dispersed across their estates. In most cases, this can often require a bespoke implementation that has been specifically built around the organization's needs and practices. See the challenge? Then also consider how you provide remote access into these resources. If you haven't already guessed, this is where UAG really comes into its own and the fact that its authentication code is written almost exclusively using ASP means it is able to offer unparalleled flexibility and diversity when faced with such challenges. This section of the book will guide you through some of the things you can accomplish through code customization.
Authentication to backend applications
Most organizations that use UAG use it to publish many applications, and sometimes as many as a few dozen. UAG's ability to perform Single-Sign-On (SSO) to these applications is a key factor in choosing UAG over other solutions. UAG's SSO mechanism is exceptionally clever, and is able to handle standard 401 authentication, Kerberos Constrained Delegation (KCD), Active Directory Federation Services (ADFS), and more. This section of the book will discuss how to adapt UAG to perform custom SSO to applications it was not designed to handle, as well as customizing the authentication flow itself.
Application and data flow
As a reverse proxy, it is UAG's primary job to fetch data from backend servers and present it to clients, as well as receive information from clients and send it back to the backend. Two major components of this engine are the Application Wrapper (also known as AppWrap) and SRA, which have the capacity to alter content on the fly. These components are a critical part of the application publishing process, and can also be used to enhance applications' functionality, while also optimizing the user experience by altering content in real time. By customizing these components, one can achieve better application compatibility, as well as enhanced performance, functionality, and security that go beyond what UAG provides out of the box. This section of the book will guide you in customizing the AppWrap and SRA, and suggests how you can use them to solve problems, boost productivity, and achieve incredible results.