Edge Security - Secure Remote Access

Securely Publish Your Content for Remote Access

Businesses need to provide employees, partners, and customers with secure remote access to applications, documents, and data from any PC or device at any location.

Secure application publishing and Secure Sockets Layer (SSL) virtual private network (VPN) enable organizations to make their key end-user-focused IT infrastructure components (such as computers running Microsoft Exchange Server, Microsoft SharePoint Portal Server, file shares, and other resource servers) accessible to remote users over a fully protected application-layer connection. By pre-authenticating users before they gain access to any published servers, inspecting even encrypted traffic at the application layer in a stateful manner, and providing automated publishing tools, Forefront edge security and access products make it easier to provide security for corporate applications accessed over the Internet.

Microsoft Forefront Edge Security - Secure Remote Access

Together, Microsoft Internet Security and Acceleration (ISA) Server 2006 and Microsoft’s Intelligent Application Gateway (IAG) 2007 form a Microsoft Windows-based platform for enabling secure user access from virtually any device or location.

Optimized for Enterprise Resources

ISA Server, with its broad-based network edge protection, and IAG, with its application-centric, policy-based access and granular Web application firewall security, deliver enhanced access control, application publishing, and comprehensive endpoint and application security.

| Key IT Administrator Concerns | The Microsoft Solution |
| --- | --- |
| Growing mobility: Need to enable browser-based access • Traditional VPNs are inadequate and hard to manage, with all-or-nothing policy that doesn’t work behind other firewalls • Access to more and different types of applications than ever before • Intranet and extranet access from more users, locations and devices | Secure Application Access |
| Increased threats: Must block malicious traffic and attacks • My applications and data resources are vulnerable to exploits • Full network access increases risk • Poor integration with applications and services exposes infrastructure • Legacy applications not “Internet-ready” | Customizable Enterprise Security |
| Complex policy requirements: Need to drive policy compliance • Changing legal and business guidelines require information usage restrictions to limit exposure and liability • I need to prove better ROI on security and access infrastructure (with fewer helpdesk calls) | Granular Information Protection |

Choose a Solution that Makes Sense for Your IT Environment

Your choice of access mechanism should be dictated by both business and security needs. Microsoft’s goal is to provide a broad solution that can easily adapt to a variety of usage and deployment scenarios. The table below will help you identify which solution makes the most sense in your IT environment.

|  | Key IT Administrator Concerns | ISA Server 2006 Provides |
| --- | --- | --- |
| Integrated Security | Branch office desktops do not get software updates as fast as they should. | BITS caching to accelerate the deployment of software updates and keep remote computers protected. |
| Efficient Management | Deployment at branch offices and remote locations is difficult because there is no local IT staff to set up the firewall or virtual private network (VPN). | Easy deployment and configuration in branch offices with automated VPN connectivity tools and answer files on removable media for unattended installation. |
| Efficient Management | A significant portion of the IT budget is consumed by the costs of managing IT infrastructure at these remote locations. | Effective management with faster propagation of enterprise policies, reduced server requirements, and low-bandwidth optimizations. |
| Efficient Management | Need to centrally manage branch office security and connectivity and prevent network access downtime. | Secure remote management of firewall and Web cache services. |
| Efficient Management | Need ability to deploy into existing IT environments without changing the network architecture. | Multi-network architecture, network templates, and configuration tools to flexibly integrate into existing infrastructure. |
| Fast, Secure Access | Wide area network (WAN) links are expensive and poorly utilized. | HTTP traffic compression and caching, which improve Web page load times and reduce WAN costs for users in branch offices. |
| Fast, Secure Access | Low-priority traffic may override critical application traffic on WAN links, reducing application functionality. | DiffServ IP settings to ensure that the highest-priority applications get precedence over other network traffic, and better bandwidth utilization and response times for critical Web resources. |
| Fast, Secure Access | Need to enhance network performance and optimize branch office content delivery. | Integrated Web caching in corporate data centers, cache server array functionality, and distributed hierarchical caching. |

How ISA Server and IAG 2007 Help Improve the Security of Your IT Resources

The following table provides a more detailed view of how ISA Server provides baseline secure application publishing for Microsoft Exchange and SharePoint Portal technologies and how IAG 2007 enables customizable SSL VPN-based access with endpoint security management.

Resource

ISA Server 2006 Features

Intelligent Application Gateway 2007 Features

General application access from Web-enabled clients when content-specific policy is not required.

Highly customizable and differentiated application access based on user identity, content and file attributes, URL, and client security state.

Exchange Server, SharePoint Portal Server

  • Protocol validation and filtering

  • Pre-authentication

  • OWA-specific content inspection

  • Application and user-level policy

  • SharePoint link translation

  • Simple publishing wizards

  • Comprehensive pre-authentication and single sign-on

  • Application-specific data protection

  • Block specific functions or areas within applications based on endpoint profile

  • Endpoint security verification

  • Client-side cache and session clean-up (Attachment Wiper)

  • Multiple policy-based portal configurations with link translation

  • Flexible and customizable portal experience with automated application launch

  • Native SharePoint services support

File Share Access

  • via IPsec VPN

  • Secure Sockets Layer (SSL) virtual private network (VPN)-based server share and full network access

  • Access to user's home directory and shared file folders (Web access)

  • File-level security and policy controls

  • Session management and security (clean-up)

Client/Server

  • Native Outlook and Microsoft Office Outlook 2003

  • SSL VPN-based access using almost any client-side application or server proxy

  • Policy based on endpoint profile with application-specific session control

  • Seamless support of Microsoft Office on the client

  • Identifies client executables; allows only specific applications to tunnel

  • Secure Telnet and native Terminal Services client support

Mobile

  • Outlook Mobile Access and Exchange ActiveSync publishing

  • Certificate-based authentication

  • Browser-specific micro-portal pages with custom login and logout

  • OMA command and URL filtering

  • Automatic device detection; supports e-mail push

Other

  • Web-based applications

  • Generic server publishing

  • IPsec VPN quarantine

  • Customizable Web portal

  • Supports any Web-enabled application with full content security

  • Single sign-on against multiple directories

  • Instantly publishes almost any non-Web application

  • Comprehensive monitoring and logging to track information usage