Skip to main content

UAG 2010

Forefront Unified Access Gateway 2010 delivers comprehensive, secure remote access to corporate resources for employees, partners, and vendors from a diverse range of endpoints and locations, including managed and unmanaged PCs and mobile devices.



Background:
Forefront Unified Access Gateway (UAG) and Threat Management Gateway (TMG) trace their lineage back to other well known Microsoft products - Intelligent Application Gateway (IAG), Internet Security and Acceleration (ISA) Server, Proxy Server, and incorporate technologies from Microsoft acquisitions (Whale Communications). The following outlines latest steps in the UAG and TMG products evolution:   


and a brief feature comparison:


Business Ready Security:
Microsoft's Business Ready Security strategy is designed to help organizations of all sizes with managing risk while empowering collaboration and information sharing. At the time of this writing there are five comprehensive solutions that are aligned with this strategy:
  • Identity and Access Management
  • Secure Collaboration
  • Secure Endpoint
  • Information Protection
  • Secure Messaging
And Unified Access Gateway plays a prominent role within those solutions: 

Value Proposition:
Three pillars of UAG's value proposition are - 

Solutions Architecture:
UAG's solution architecture exemplifies the value propositions of Anywhere Access, Integrated Security, and Simplified Management:

Internal Architecture:
UAG's internal architecture builds upon, extends, or integrates with a number of Windows Server components:

Key Concepts:

  • Trunks – primary organizational units (could be HTTP or HTTPS; Portal, Redirect or ADFS), require IP address and FQDN. Contain one or more published applications.
  • Applications – built-in services (portal, files access, web monitor), web, client/server and legacy, browser-enabled, terminal/remote desktop services.  
  • Advanced Services – SSL application tunneling, Network Connector, Secure Socket Tunneling Protocol (SSTP), Direct Access. 
  • Sessions – various session parameters (timeout, logon/logoff URL, maximum logon attempts, session cleanup).
  • Authentication – trunk and application level. Supports: Active Directory, LDAP, RADIUS, RSA Secure ID, WinHTTP, Smart Card/Client Certificate, Other; ADFS 2.0. Enables Single-Sign-On (SSO).
  • Clients – endpoint detection, endpoint policies, NAP integration.

Limitations:

  • Only web protocols (HTTP, HTTPS) are supported.
  • Two part names (such as http://xyz.com) are not supported.
  • URLs with different domain names (such as www.yyy.com and www.zzz.com) can’t be published on the same trunk.
For more information refer to the following link.

Common Criteria:
Both Unified Access Gateway and Threat Management Gateway (included with every UAG distribution for firewall protection and support of features such as array management) are common criteria certified:


Labels:

Comments

Post a Comment

Popular posts from this blog

Skype for Business and VTC Interoperability

Skype for Business (SfB) has a very, very strong potential, I have written about it in my previous post . I can't think of any other platform that shows as much promise in terms of bridging personal and business communications as well as unifying different modes and mediums. And all of this may have started with a strategic acquisition of Skype by Microsoft in 2011. That said, the road ahead is not without challenges. For example, interoperability with other platforms. Making SfB work with existing Video TeleConferencing (VTC) systems, many of which represent significant capital investments in organizations' infrastructure, could be of a particular importance. After reading statements like Skype for Business is based on Session Initiation Protocol (SIP) standards and supports H.264 (MPEG-4 video coding standard) one can come to a quick conclusion that integration and/or interoperability with other VTC solutions is easy or nearly automatic. Unfortunately, the industry is not
34 comments
Read more

WordPress displays weird characters

Sometimes after a database conversion (e.g. from MySQL to MariaDB) or due to encoding issues a situation might arise when WordPress is showing weird characters. A quick way of remedying the situation would involve examining the pages to discover a pattern (what characters are being substituted, in the example below the apostrophe was replaced by  ’ ) then running an queries against the database to reverse the effect. Here's a quick example (common tables that store content): UPDATE  wp_posts  SET  post_content =  REPLACE (post_content,  'Â' ,  '' )      UPDATE  wp_posts  SET  post_content =  REPLACE (post_content,  '’' ,  "'" )      UPDATE  wp_postmeta  SET  meta_value =  REPLACE (meta_value,  'Â' ,  '' )      UPDATE  wp_postmeta  SET  meta_value =  REPLACE (meta_value,  '’' ,  "'" )      Please, keep in mind that to permanently resolve the issue you would need to get to the root of the p
17 comments
Read more

Mail-enabled security groups in Office 365

Another update (11/19/2013):  further evolution of Office 365 services makes creation of distribution and security groups even easier, plus there's now an option of creating a dynamic distribution group (click here for more information):    Update (08/06/2012): a clear sign of Office 365 evolving along the same lines as other agile cloud services - small incremental features and minor new functionality are being delivered almost continuously and, unlike important major service updates,  without much fanfare. For example, there's no need to resort to using PowerShell to setup mail-enabled security groups anymore, it can now be done at creation using management portal:       Those managing Office 365 ( O365 ) tenant via the Microsoft Online Services Portal  ( MOS Portal ) interface would notice that there are two distinct group entities: Security Groups: can be created via MOS Portal (main portal page>Management>Security Groups) and used for assigning
1 comment
Read more