Securely Publish Your Content for Remote Access
Businesses need to provide employees, partners, and customers with secure remote access to applications, documents, and data from any PC or device at any location.
Secure application publishing and Secure Sockets Layer (SSL) virtual private network (VPN) access enable organizations to make their key end-user-focused IT infrastructure components—such as computers running Microsoft Exchange Server, Microsoft SharePoint Portal Server, file shares, and other resource servers—accessible to remote users over a fully protected application-layer connection. By pre-authenticating users before they gain access to any published servers, statefully inspecting even encrypted traffic at the application layer, and providing automated publishing tools, Forefront edge security and access products make it easier to provide security for corporate applications accessed over the Internet.
Together, Microsoft Internet Security and Acceleration (ISA) Server 2006 and Microsoft’s Intelligent Application Gateway (IAG) 2007 form a Microsoft Windows-based platform for enabling secure user access from virtually any device or location.
How ISA Server and IAG 2007 Help Improve the Security of Your IT Resources
The following table provides a more detailed view of how ISA Server provides baseline secure application publishing for Microsoft Exchange and SharePoint Portal technologies and how IAG 2007 enables customizable SSL VPN-based access with endpoint security management.
ISA Server 2006 Features
Intelligent Application Gateway 2007 Features
General application access from Web-enabled clients when content-specific policy is not required.
Highly customizable and differentiated application access based on user identity, content and file attributes, URL, and client security state.
Exchange Server, SharePoint Portal Server
Protocol validation and filtering
OWA-specific content inspection
Application and user-level policy
SharePoint link translation
Simple publishing wizards
Comprehensive pre-authentication and single sign-on
Application-specific data protection
Block specific functions or areas within applications based on endpoint profile
Endpoint security verification
Client-side cache and session clean-up (Attachment Wiper)
Multiple policy-based portal configurations with link translation
Flexible and customizable portal experience with automated application launch
Native SharePoint services support
File Share Access
Secure Sockets Layer (SSL) virtual private network (VPN)-based server share and full network access
Access to user's home directory and shared file folders (Web access)
File-level security and policy controls
Session management and security (clean-up)
SSL VPN-based access using almost any client-side application or server proxy
Policy based on endpoint profile with application-specific session control
Seamless support of Microsoft Office on the client
Identifies client executables; allows only specific applications to tunnel
Secure Telnet and native Terminal Services client support
Browser-specific micro-portal pages with custom login and logout
OMA command and URL filtering
Automatic device detection; supports e-mail push
Customizable Web portal
Supports any Web-enabled application with full content security
Single sign-on against multiple directories
Instantly publishes almost any non-Web application
Comprehensive monitoring and logging to track information usage