Forefront Unified Access Gateway RC 0 released!

This is a product that I think Microsoft’s competitors HAVE to watch over the next few, as the feature list becomes more desirable, and, dare I say it, necessary.

Forefront UAG consists of the following:

  • Remote access─Remote users can access internal applications and resources from a diverse range of endpoints and locations. Users can access Web and non-Web applications, gain full VPN access to corporate networks, and access internal file shares and structures. Forefront UAG can act as a consolidated gateway providing access to multiple internal applications via a single portal, or provide access to a single Web application. Forefront UAG provides broad application support. Out-of-the-box application optimizer modules are predefined for a wide range of Microsoft and third-party applications. Optimizers consist of predefined settings and values that provide optimum settings for accessing a specific application via a Forefront UAG site. Default values and settings are based on in-depth research into application behavior, browser-server interactions, and endpoint requirements.
  • Endpoint identity and access─Forefront UAG enhances security and increases corporate compliance with granular remote access controls. Control mechanisms include access policies with which endpoints must comply to access Forefront UAG sessions and applications, user authentication, and authorization for portal applications.
  • High availability and scalability─You can use multiple Forefront UAG servers in an array configuration, and load balance traffic between array members. A load balanced array provides ease-of-management with a single configuration for all array members, high availability, scalability, and failover.
  • DirectAccess─Forefront UAG DirectAccess extends the benefits of Windows DirectAccess across your infrastructure to enhance scalability, and to simplify deployment and ongoing management.

Remote access

  • Application publishing─You can publish Web and non-Web applications by means of Forefront UAG trunks. You can create a portal trunk to provide a one-to-many connection with a single IP address, allowing users to access multiple applications from a consolidated portal gateway. You can also create a single-application trunk to provide a one-to-one connection; one IP address routes to a single published Web server, enabling access to any generic Web application. You can publish the following types of applications:
    • Web applications─Forefront UAG application optimizers include out-of-the-box inspection settings for many key Microsoft and third-party applications, You can publish single Web server, or a farm of Web servers that perform the same role or host the same content, to distribute requests evenly among farm members.
      For more information about Web application publishing, see:
      1. Remote access design guide—For general information about application publishing.
      2. Exchange services access with Forefront UAG—For information about publishing Exchange, including Exchange 2010. Using Forefront UAG you can publish Microsoft Office Outlook Web Access, Exchange ActiveSync, and Outlook Anywhere (RPC over HTTP) in a single portal, providing secure access to Exchange services on a single IP address. For users accessing Outlook Web Access, you can provide a streamlined logon experience by applying an Outlook Web Access theme in a portal, and providing authentication logon and logoff pages with an Outlook Web Access feel.
      3. SharePoint extranet access with Forefront UAG—For information about publishing SharePoint.
      4. Dynamics CRM access with Forefront UAG—For information about publishing Dynamics CRM 4.0.
    • Non-Web application publishing─Forefront UAG allows you to publish non-Web applications over a secure connection using socket or port forwarding. You can request that users authenticate to Forefront UAG for access to non-Web applications.
    • VPN client access (SSL network tunneling)─You can publish a VPN connection in a portal, allowing remote endpoints to connect to the internal network and access all network resources. You can configure SSL network tunneling using the Forefront UAG proprietary Network Connector, or allow clients with SSTP support to connect using SSTP.
    • File Access─You can publish internal file structures in a portal, thus allowing remote clients to access internal file servers and shares.

Endpoint identity and access

  • Endpoint browser support─Forefront UAG provides support for clients connecting to Forefront UAG sites from endpoints running Windows and non-Windows operating systems, and using a variety of browsers. For more information, see Allowing remote client access.
  • Endpoint component deployment─Forefront UAG provides components that are installed on endpoints connecting to Forefront UAG sites, in accordance with the endpoint operating system and browser, and the type of applications published by the Forefront UAG site that is accessed by the endpoint. For information about component support, see Endpoint system requirements.
  • Endpoint access controls─Forefront UAG provides a variety of mechanisms to control endpoint access to published applications, including:
    • Client authentication─You can request remote clients to authenticate before establishing sessions to Forefront UAG sites, or allow anonymous access for passthrough authentication to backend servers. You can also configure single sign-on, so that credentials specified by users during session logon are passed to published servers that require authentication. Forefront UAG allows you to preauthenticate clients for session and application access, before requests are passed to backend servers published via Forefront UAG. Forefront UAG also provides a single sign-on authentication experience by delegating credentials to backend applications that require authentication. For more information, see Planning for client endpoint authentication.
    • Endpoint access policies─You can set up endpoint policies with which endpoints must comply in order to gain access to Forefront UAG sessions and applications. Endpoint policies specify prerequisites that endpoints must meet for session access. You can implement endpoint policies using in-built Forefront UAG access policies, or against network access protection (NAP) policies downloaded from a Network Policy Server (NPS). For more information, see Planning for endpoint health checking.
    • Portal application authorization─When publishing applications and resources in a portal, you can enable application authorization to ensure that only specific users and groups can access the application.

High availability and scalability

Forefront UAG provides high availability and scalability as follows:

  • Array deployment─Forefront UAG allows you to group multiple Forefront UAG servers into an array. All array members share the same configuration, and can be managed as a single entity. One of the array members acts as the array manager, storing configuration settings for the entire array. All Forefront UAG configuration and activation is performed on the array manager.
  • Load balancing─You can load balance array members for high-availability and failover, either with a hardware load balancer, or using the Windows network load balancing (NLB) feature that is integrated into Forefront UAG. For more information, see High availability and scalability design guide.

DirectAccess

  • DirectAccess─Forefront UAG DirectAccess extends the benefits of Windows DirectAccess across your infrastructure to enhance scalability, and to simplify deployment and ongoing management. Forefront UAG DirectAccess provides a seamless connection experience to your internal network for users with Internet access. Requests for internal resources are securely directed to the internal network, without requiring a VPN connection.
    Forefront UAG DirectAccess provides the following:
    • Access to legacy applications and resources using NAT64 and DNS64.
    • Integration of Forefront UAG array deployment and load balancing to provide scalability.
    • Wizards for simplified deployment and management.

For more information, see Forefront UAG DirectAccess design guide.

As someone hopelessly head-over-heels with DirectAccess, you can see why I like this product.

Follow me on Twitter