The CustomUpdate mechanism

The UAG customization framework is based on a well-known concept often referred to as CustomUpdate. The idea is that some folders within the UAG folder tree contain special folders with this name, and in them you can place your own custom code. When the UAG's code runs, it automatically checks these folders for custom files, and processes them accordingly. For example, here's such a function from the page logo.inc:

As you can see, the command uses the function include Application and defines a filename pattern for when UAG performs its CustomUpdate file check. If the file is found, the function will read its content and process it as if it was a part of the original code (the include function itself is in /InternalSite/Inc/include.inc). The actual filename (logo.inc) is populated into LOGO_INC as part of the file /InternalSite/Inc/IncludeFiles.inc. The following screenshots show these two files:

It's important to keep in mind though, that this processing is sometimes a cumulative processing, and sometimes replaceable processing. Depending on the design of the specific component, UAG might use your file instead of the original file (for example, if you customize the Login page), or in addition to the original file (such as when customizing the endpoint detection script).

The process of customizing a file is simple: you create your file, drop it in the relevant folder, and name it appropriately. The file naming convention used by UAG is:

<trunk Name><Secure><name>.<extension>

The trunk name is obvious. The Secure flag is either 0 or 1, depending if the trunk is HTTP or HTTPS. The name is the original filename, and the extension needs to match.

For example, let's say you want to create a certificate-authentication configuration. We will discuss this more in Chapter 6, Custom Certificate Authentication, but this is also considered to be a customization, as this will almost always require some editing of the ASP code itself to match the organization's certificate scheme. The name of the certificate authentication file is cert.inc, so if your trunk is named Remote, and the trunk is an HTTPS trunk, the file you will need to put in the target folder needs to be named remote1cert.inc.

For the most part, that's about it, and the next user who logs in will reap the benefit of the new custom file (or the error it may generate, if you messed it up!). Adding new files does not impact existing sessions, so if you are testing this yourself, you would need to log out and log in again, and we also recommend clearing your browser cache and cookies as well. Some files will require you to perform a configuration activation to take effect, and some take effect immediately. However, it is important to perform an activation regardless, otherwise, the custom file will not be pushed into the TMG storage and may later miraculously disappear from your server.

Another point worth mentioning is that when customizations are done to a UAG array, they should only be applied to the Array Master Server (AMS). During activation, the custom files will propagate across all array members.