UAG 2010

Forefront Unified Access Gateway 2010 delivers comprehensive, secure remote access to corporate resources for employees, partners, and vendors from a diverse range of endpoints and locations, including managed and unmanaged PCs and mobile devices.



Background:
Forefront Unified Access Gateway (UAG) and Threat Management Gateway (TMG) trace their lineage back to other well-known Microsoft products: Intelligent Application Gateway (IAG), Internet Security and Acceleration (ISA) Server, and Proxy Server. They also incorporate technologies from Microsoft acquisitions (Whale Communications). The following outlines the latest steps in the evolution of the UAG and TMG products:


and a brief feature comparison:


Business Ready Security:
Microsoft's Business Ready Security strategy is designed to help organizations of all sizes manage risk while empowering collaboration and information sharing. At the time of this writing, there are five comprehensive solutions aligned with this strategy:
  • Identity and Access Management
  • Secure Collaboration
  • Secure Endpoint
  • Information Protection
  • Secure Messaging
And Unified Access Gateway plays a prominent role within those solutions: 

Value Proposition:
Three pillars of UAG's value proposition are - 

Solutions Architecture:
UAG's solution architecture exemplifies the value propositions of Anywhere Access, Integrated Security, and Simplified Management:

Internal Architecture:
UAG's internal architecture builds upon, extends, or integrates with a number of Windows Server components:

Key Concepts:

  • Trunks – primary organizational units (HTTP or HTTPS; Portal, Redirect or ADFS). Each trunk requires an IP address and FQDN and contains one or more published applications.
  • Applications – built-in services (portal, file access, web monitor), web, client/server and legacy, browser-enabled, terminal/remote desktop services.
  • Advanced Services – SSL application tunneling, Network Connector, Secure Socket Tunneling Protocol (SSTP), DirectAccess.
  • Sessions – various session parameters (timeout, logon/logoff URL, maximum logon attempts, session cleanup).
  • Authentication – at trunk and application level. Supports: Active Directory, LDAP, RADIUS, RSA SecurID, WinHTTP, Smart Card/Client Certificate, Other; ADFS 2.0. Enables Single Sign-On (SSO).
  • Clients – endpoint detection, endpoint policies, NAP integration.

Limitations:

  • Only web protocols (HTTP, HTTPS) are supported.
  • Two-part names (such as http://xyz.com) are not supported.
  • URLs with different domain names (such as www.yyy.com and www.zzz.com) can’t be published on the same trunk.
For more information refer to the following link.

Common Criteria:
Both Unified Access Gateway and Threat Management Gateway (included with every UAG distribution for firewall protection and to support features such as array management) are Common Criteria certified:

