UAG / Synchronization FAQ
Q&A
1. What is the maximum number of SecureAuth appliances that can participate in a web.config replication pool?
The appliance comes ready to configure 4 appliances for replication. As the number of servers in the synchronization pool increases, so does network traffic when configuration changes are made. Although web.config files are small, we recommend limiting the pool to 8.
2. Which port(s) are required for web.config replication between SecureAuth Appliances?
The network ports required for web.config replication between SecureAuth appliances are:
UDP Ports: 137 and 138
TCP Ports: 139 and 445
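The ports in this answer only need to be reachable from the other appliances in the pool. The following is an added example, not SecureAuth's own tooling, that scopes them to the pool members, lists any other inbound rule that still opens them to every address, and checks the TCP ports on each peer. It assumes the appliance uses Windows Firewall with the NetSecurity cmdlets; the peer addresses and rule names are constructed placeholders.

```powershell
# Added example (not vendor code). Run elevated on one appliance in the pool.
# Constructed placeholder peers (RFC 5737 range); replace with the real pool members.
$ReplicationPeers = @('192.0.2.11', '192.0.2.12', '192.0.2.13')
$ReplicationPorts = @('137', '138', '139', '445')   # ports listed in the FAQ answer

# Hypothetical rule names; one rule per protocol, scoped to the peers only.
$rules = @(
    @{ Name = 'Replication NetBIOS UDP (peers only)'; Protocol = 'UDP'; Ports = '137', '138' },
    @{ Name = 'Replication SMB TCP (peers only)';     Protocol = 'TCP'; Ports = '139', '445' }
)
foreach ($r in $rules) {
    # Remove any earlier copy so the script can be re-run after the pool changes.
    Get-NetFirewallRule -DisplayName $r.Name -ErrorAction SilentlyContinue |
        Remove-NetFirewallRule
    New-NetFirewallRule -DisplayName $r.Name -Direction Inbound -Action Allow `
        -Protocol $r.Protocol -LocalPort $r.Ports `
        -RemoteAddress $ReplicationPeers | Out-Null
}

# Allow rules are additive: list other enabled inbound rules that still open
# these ports to any remote address, so they can be disabled or scoped.
$scopedNames = $rules | ForEach-Object { $_.Name }
$exposed = Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
    Where-Object { $_.DisplayName -notin $scopedNames } |
    ForEach-Object {
        $rule       = $_
        $portFilter = $rule | Get-NetFirewallPortFilter
        $addrFilter = $rule | Get-NetFirewallAddressFilter
        $hit = @($portFilter.LocalPort) | Where-Object { $_ -in $ReplicationPorts }
        if ($hit -and (@($addrFilter.RemoteAddress) -contains 'Any')) {
            [pscustomobject]@{
                Rule = $rule.DisplayName; Protocol = $portFilter.Protocol
                Ports = $hit -join ','; RemoteAddress = 'Any'
            }
        }
    }
$exposed | Format-Table -AutoSize

# Confirm the TCP ports answer on each peer (UDP cannot be probed this way).
$reachability = foreach ($peer in $ReplicationPeers) {
    foreach ($port in 139, 445) {
        $t = Test-NetConnection -ComputerName $peer -Port $port -WarningAction SilentlyContinue
        [pscustomobject]@{ Peer = $peer; Port = $port; Reachable = $t.TcpTestSucceeded }
    }
}
$reachability | Format-Table -AutoSize
```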
3. How does SecureAuth integrate with UAG? For use with RADIUS: generate a session cookie that UAG can use, generate a certificate that is then used for UAG authentication, etc.?
We create a native UAG session token to log the user into the UAG portal.
4. Is the ability to leverage UAG SAML-Kerberos conversion still available? Does it require ADFS infrastructure?
Generally speaking, since we are creating a native UAG session token, the customer will be able to leverage the existing SSO provided by UAG, including Kerberos and KCD.
5. How is the certificate life-cycle managed? For example, once the certificate expires, is the certificate replaced on iOS and the old certificate deleted, or updated with an extended life?
For desktops, once the certificate expires, SecureAuth manages it by transparently guiding the user to re-authenticate the browser, installing a new certificate at the end and deleting the expired one. For mobile devices, we use an encrypted stay-resident token instead of a certificate, for wide mobile support. When the token expires, SecureAuth goes through the same re-authentication process to delete the old token and install a new one.