why not a load balancer in front of the connections servers? I gues you could even get away with using uag's internally and using their load balancing so you only need a single address to connect to.
We will do like that a bit later. We need at start replace one connection server with new Windows version, so I imagined that it would be cool for users to choose which server to use. Send out notifications to use new, but if smth goes wrong then choose old one and contuine to work. Also we have one connection server with 2FA and one without 2FA, so we can't put both servers behind uag, otherwise one ore another will need to start use 2FA or vice versa which will not comply PCI requirements in our case, ok will comply if just all will use 2FA, but that isn't a goal now.
Do you know if it is possible to conifigure UAG with authentication options? Is there option to let end users to choose to authentificate with 2FA or without?