UAG Array and Network Load Balancing

UAG Array and Network Load Balancing

  • Comments 15
  • Likes

One of the major new features in this UAG release is ‘array’. An UAG array is a set of machines that share the same configuration (trunks, applications, etc.) and is managed as a unit. It maps to our ‘Enterprise Readiness’ pillar, and provides the following benefits:

  • Increased Availability
  • Increased Scale
  • Management as a unit

Increased availability and scale are achieved by load-balancing incoming traffic among several UAG machines – that increases both the overall capacity of the deployed system, and in case one UAG machine is down – the backend app is still available via other UAG machines. Before this release that was only possible with an external SSL load-balancer. In this release, we’ve integrated with Windows NLB (Network Load Balancing) to provide an out-of-box solution at no extra cost.

Obviously, when working with multiple machines for publishing the same applications and in the same manner, it would be a huge burden for the administrator to configure each machine separately. Fortunately, UAG abstracts that in a nice way: the admin would only need to make the configuration change from one of the machines, and the change would be automatically propagated to all array members. This is accomplished by having one of the array members (usually the first one) defined as the “manager”, which holds the authoritative copy of the configuration; changes to the configuration (from any machine) are updated there first, then propagated to other members. BTW, the array manager does not need to be a dedicated machine. There’s no extra load on the array manager.


Example Array

How does one get started with an array? It’s simple: you install UAG on one machine (that would be your Array Manager), then install UAG on another UAG machine and ‘join’ that machine to the Array Manager machine via the Array Management wizard. Before you join the machine to the array, you need to open connectivity from the member to the manager machine – you do that by launching the TMG console on the array manager machine and adding the second machine to the “Managed Server Computers” computer set:


Opening Connectivity to the Array Manager

clip_image008 clip_image010

Array Management Wizard

After joining the second machine to the array and performing activation you have a 2-nodes array up and running. You can start creating trunks and publishing applications; you can also join a node after you create trunks and publish applications – that node would inherit the configuration from the array manager. You should note that when joining a node to an array, the local configuration of the node will be wiped…

In order to enable NLB on your array you would need to create a Virtual IP Address, also known as a “VIP”, first. The VIP is an IP address that is shared by each node of the array. Traffic destined for a trunk that is associated with that IP address arrives at each of the nodes, but is picked by only one of them (this filtering is performed by NLB itself, way low at the network stack), thus effectively load-balancing the traffic between the nodes. You define a VIP from the Network Load Balancing dialog:


Network Load Balancing UI

Once you have a VIP defined, you can associate a trunk with that VIP.

UAG also has an interface for showing status of and performing operations on array members. For example, before taking a machine down for maintenance you can “drain” that machine, which means that new sessions are not going to be routed to that machine. When the current sessions on that machine terminate, you can safely take the machine down without disrupting active users. Those operations can be performed from the NLB section of the Web Monitor.

We have a lot more planned for the array. We see it as an important feature for our enterprise customers and we’re planning on investing much more in it. We’d love to hear your feedback on it!


Asaf Kariv | Lead Program Manager | Microsoft Unified Access Gateway

  • Great stuff, I strongly recommend NLB for ISA/TMG deployments so having the same potetial for UAG is great news...

  • Most times an IAG configuration is made up of not only changes in the GUI but also files that that are modified, added, or deleted.  Does the UAG array manager take into account propogating file level configurations between nodes?

  • Yes Mark,

    UAG array takes care of all the configuration, including files, as long as they are saved in the right CustomUpdate folder as specified here:

    BTW: A UAG version of these TechNet articles will be available soon.

    Meir :->

  • Does it make sense removing the second machine from the "Managed Server Computers” again?

    Also information is missing which credentials should be used to join the array. Are the credentials just used to join the array or are they used permanently?

  • Hi guys,

    How many NLB-nodes we could have at UAG-array?

    Thank you in advance

    Best regards,

    Alexey Goldbergs

  • Hi there,

    What load balancing algorithm does NLB for UAG support? Only Round Robin? Is it possible to implement a failover only scenario (one array member is only standby)?

    Best regards


  • UAG is using Windows Server NLB mechanism, and the distribution of traffic is not pure round-robin. You can read more on the load balancing algorithm in this article:

    With regard to failover, traffic is distributed among all nodes - no node in a standby - unless it was manually suspended or stopped sending NLB heartbeat.

  • Hi are there any specific instructions for creating a load balanced array using a dedicated hardware load balancer? I would assume you just create and Array with two Servers and then all the "Load balancing" is done externally? however is there any specific configuration you need to perform?

  • Hello MSFT,
    Thanks for all your posts.
    I just setup an array successfully with 2 servers.
    My question is , how can I still give my users the REGULAR INTERNET ACCESS INTERNAL TO EXTERNAL AS DONE IN STAND ALONE TMG. Only this time i would want to my users to change browser proxy configuration to the virtual IP address. Thanks a bunch

Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment