Skip to main content

Posts

Showing posts from May, 2012

Microsoft Private Cloud Solutions

It's all about the cloud nowadays, and the competition is tough. First, there's Amazon, arguably the largest cloud computing platform out there, but being a market leader is both a blessing and a curse - others are constantly trying to dethrone you. And the list of those others is a notable one: Google and Microsoft are working tirelessly to improve their already impressive cloud platforms as are other industry heavyweights - IBMHP, CA; and let's not forget telecom giant - AT&T, Sprint, and Verizon; and many others - Rackspace, GoGrid, Joyent, Savvis, SoftLayer, CloudShare, Skytap, ...


So, how does Microsoft fair against the competition? I think it fairs quite well, thanks to its strong foothold in the Enterprise and the breadth and depth of its cloud solutions. Whether it is a traditional on-premise deployment, highly virtualized datacenter, private cloud, or public cloud offering - Microsoft has a compelling solution, great integration story, deep corporate pockets,…

UAG Authentication Capabilities

Sometimes the subject of authentication in UAG seems to confuse people, and to lead them to the wrong conclusions. To set the record straight on a couple of issues:
Misconception #1: UAG includes robust authentication capabilities - this is a true statement, but sometimes is gets interpreted in a way that implies a presence of some sort of secure identity store within UAG. This is not the case. UAG leverages different authentication repositories and options and can temporarily hold certain identity information to support things such as single sign-on (SSO), but is not a repository in itself. Here's a list of repositories and options supported out of the box (OOB):

Options such as "WINHTTP" and "Other" allow for new methods to be implemented to extend the OOB functionality (see a great example here). 
Misconception #2:UAG supports multi-factor authentication, including bio-metrics, hardware and software tokens, one time passwords (OTP), etc. - once again, this is a…

UAG Certificate Validation

Sometime it may be desirable to disable certificate validation for the SSL protected back-end services published via UAG. You can do this by editing the following registry keys:
Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\e-Gap\Von\URLFilter\Comm\SSLright-click ValidateRwsCert, select Modify, and change the Value data to 0right-click ValidateRwsCertCRL, select Modify, and change the Value data to 0restart IISPlease, note that disabling certificate validation process may not be an acceptable security practice in certain environments.For a complete list of UAG registry keys consult the following TechNet article. Also, there are different uses for certificates within UAG, to understand them better I strongly recommend reading through the following excellent blog post by Ben Ari.