Forefront Unified Access Gateway Beta Features

Forefront Unified Access Gateway (UAG) is a remote access solution that provides a gateway for managed and non-managed endpoints to access corporate applications and resources, as follows:

  • Remote access - Remote users can access internal applications and resources from a diverse range of endpoints and locations. Users can access Web and non-Web applications, gain full VPN access to corporate networks, and access internal file shares and structures. Forefront UAG can act as a consolidated gateway providing access to multiple internal applications via a single portal, or provide access to a single Web application.

  • Application intelligence - Broad application support is provided for a wide range of Microsoft and third-party applications. Customizable application optimizer modules are predefined for specific applications. Optimizers consist of predefined settings and values that provide optimum settings for accessing a specific application via a Forefront UAG site. Default values and settings are based on in-depth research into application behavior, browser-server interactions, and endpoint requirements.

  • Security and access control - Forefront UAG enhances security and increases corporate compliance with granular remote access control. Control mechanisms include policy-based access controls, user authentication, and authorization for portal applications.

  • Frontend and backend authentication - Forefront UAG allows you to preauthenticate clients for session and application access, before requests are passed to backend servers published via Forefront UAG. Forefront UAG also provides a single sign-on authentication

Forefront UAG Features

Feature Highlight: High availability and array deployment

Forefront UAG allows you to group multiple Forefront UAG servers into an array. All array members share the same configuration, and can be managed as a single entity.

One of the array members acts as the array manager, storing configuration settings for the entire array. You can configure array members to use network load balancing (NLB) for high availability and failover. Use integrated Forefront UAG NLB to configure NLB features of Windows Server 2008 R2 directly in the Forefront UAG Management console.

After installing Forefront UAG, the Getting Started wizard helps you to configure network and server settings.

You can publish Web and non-Web applications by means of Forefront UAG trunks. You can create a portal trunk to provide a one-to-many connection with a single IP address, allowing users to access multiple applications from a consolidated portal gateway. You can also create a single-application trunk to provide a one-to-one connection; one IP address routes to a single published Web server, enabling access to any generic Web application. You can publish the following types of applications:

  • Web applications

    Forefront UAG provides an application layer inspection reverse proxy for publishing Web applications and Web farms. Application inspection provides positive logic inspection to ensure that only legitimate application connections are allowed. Forefront UAG application optimizers include out-of-the-box inspection settings for many key Microsoft and third-party applications.

  • RemoteApps publishing

    Forefront UAG allows you to leverage Remote Desktop Services (Terminal Services) with an integrated Remote Desktop Services Gateway, to publish RemoteApps via a Forefront UAG portal.

  • Non-Web application publishing

    Forefront UAG allows you to publish non-Web applications over a secure connection using socket or port forwarding. You can request that users authenticate to Forefront UAG for access to user non-Web applications.

  • VPN client access

    You can publish a VPN connection in a portal, allowing remote endpoints to connect to the internal network and access all network resources. For VPN client access, you can use the proprietary Forefront UAG Network Connector, or allow clients with SSTP support to connect using SSTP.

  • File Access

    You can publish internal file structures in a portal, thus allowing remote clients to access internal file servers and shares.

Forefront UAG integrates Windows Server 2008 R2 DirectAccess to allow seamless connectivity to corporate networks regardless of location. DirectAccess can be configured directly in the Forefront UAG Management console.

Forefront UAG provides components that are installed on endpoints connecting to Forefront UAG sites, in accordance with the endpoint operating system and browser, and the type of applications published by the Forefront UAG site that is accessed by the endpoint.

Forefront UAG provides a variety of mechanisms to control endpoint access to published applications, including:

  • Client authentication

    You can request that remote clients authenticate before establishing sessions to Forefront UAG sites, or allow anonymous access for passthrough authentication to backend servers. You can also configure single sign-on, so that credentials specified by users during session logon are passed to published servers that require authentication.

  • Endpoint access policies

    You can set up endpoint policies with which endpoints must comply in order to gain access to Forefront UAG sessions and applications. Endpoint policies specify prerequisites that endpoints must meet for session access. You can implement endpoint policies using built-in Forefront UAG policies, or with Network Access Protection (NAP) policies downloaded from a Network Policy Server (NPS).

  • Portal application authorization

    When publishing applications and resources in a portal, you can enable application authorization to ensure that only specific users and groups can access the application.

You can log Forefront UAG events and errors to a variety of logging formats, including a built-in reporter, a RADIUS server, and a local or remote SQL server. Forefront UAG provides the Web Monitor console as a Web application for viewing events, and managing Forefront UAG sessions.

Unified Access Gateway 2010 Beta