So this is my First Blog, hope you enjoy it!
Visual Studio’s Team Foundation Server (TFS) is one of the many applications that users might want to publish through UAG.
The interesting element of this publication is that the TFS application can be accessed either through a web browser or directly through Visual Studio via the same link.
Let’s assume that a group of developers can access their Team Foundation Server through either a web browser or Visual Studio from within their LAN through the following link: https://tfs.appcorp.com/.
Those same users would like to access the same TFS resources from home.
The initial step would be to create a new web publishing rule as an “Other web Application (application specific hostname)”, giving those users access to https://tfs.appcorp.com/ from the external network.


Given that Visual Studio uses the same HTTPS link to access the TFS resources through the internal network, users will expect their VS link to be the same from outside networks; however, this configuration does not work.
Visual Studio is unable to connect to the TFS resources and gives back this error:

Through some troubleshooting and network monitoring, we noticed that Visual Studio needs to authenticate directly with the TFS server in order to be allowed access to the requested resources. The authentication box below allows clients to authenticate and connect to the requested resources; this authentication is not possible, however, when accessing TFS through UAG.

The web publication created in the earlier steps is accessible only after clients authenticate on the UAG portal. This portal prevents Visual Studio from reaching the internal TFS resources directly.

Three possible solutions were found for this problem.
1- Publish the TFS link on the HTTP trunk, thus bypassing any need for authentication between VS and the TFS server.
This solution, however, will have passwords transit in the clear over the Net.
2- Publish the TFS link on a separate trunk, disabling the UAG authentication.
This solution would require a new public IP and new host records to be created, and is still not very secure.
3- Publish TFS as a Generic Client Application.
This solution will integrate with the current configuration and allow users to access their TFS resources by forwarding the VS requests through an SSL tunnel.
Implementing this solution will require the following:
Creating a new “Generic Client Application” publishing rule on UAG and setting the server to the internal TFS address.

Activating the configuration will add a TFS application icon to the portal.

Selecting the application will launch it, creating the requested tunnel to the TFS server.

All the Visual Studio TFS traffic will then pass through this tunnel, and users will be able to access TFS through Visual Studio from home.


Published By Hicham Bardawil