Microsoft Forefront Unified Access Gateway

Unified Access Gateway
Original author(s): Microsoft Corporation
Developer(s): Whale Communications
Stable release: 2010 with SP1 / 3 December 2010[1]
Development status: Active
Operating system: Windows Server 2008 R2[2]
Platform: x86-64[2]
Type: Security software, VPN software
License: Proprietary commercial software

Minimum system requirements[2]
CPU: 2.66 GHz; dual core; x86-64-compatible
Memory: 4 GB
Hard disk drive space: 2.5 GB
Operating system: Windows Server 2008 R2 Standard or Enterprise edition
Other requirements: The computer on which Forefront UAG is being installed should be devoid of all other software except its operating system.

Microsoft Forefront Unified Access Gateway (UAG) is a reverse proxy and VPN solution that provides secure remote access to corporate networks for remote employees and business partners. It is part of the Microsoft Forefront offering. It incorporates various remote access technologies such as reverse proxy, VPN (especially SSL VPN), DirectAccess and Remote Desktop Services. UAG was released in 2010 and is the successor to Microsoft Intelligent Application Gateway (IAG), which was released in 2007. UAG also integrates DirectAccess, a VPN-like technology that provides seamless remote access to an organizational network via IPv6 and IPsec.



Unified Access Gateway was originally developed by a startup company named Whale Communications in Rosh HaAyin, Israel. One of the challenges it tried to solve in the nineties was to develop a remote access solution based on a VPN mechanism but without direct network access from the remote client to the corporate network[3]. This type of solution was specifically required by the Israeli military and government, to meet national information security standards.

The technology developed was called the Air Gap and the communication between the external network and internal network was managed by two separate 1U rack-mount servers linked together by a memory bank accessed through a SCSI interface.[4]

On 18 May 2006, Microsoft announced that it would be acquiring Whale Communications.[5] Microsoft completed the acquisition on 26 July 2006.[6][7] Following this acquisition, the product was renamed Microsoft Intelligent Application Gateway Server 2007. With this version, the SCSI-based Air Gap was dropped, and the product was unified as a single-server appliance. Instead of using the Air Gap as the security barrier, IAG used Microsoft's ISA Server firewall product. IAG was offered to the public as a pre-installed appliance by Celestix Networks, IVO Networks, Portcullis Systems and nAppliance. In 2009, with the release of Service Pack 2 for IAG, the product was also offered directly to the public by Microsoft in the form of a virtual appliance: a pre-installed VHD which could be run on Hyper-V or VMware.

In April 2008, Microsoft announced that the next generation of IAG would be named Forefront Unified Access Gateway. The product was released on 24 December 2009.[8] Service Pack 1 for this product was released on 3 December 2010.[1]

Technical overview

Microsoft UAG provides a Secure Sockets Layer (SSL) virtual private network (VPN), a Web application firewall, and endpoint security management (for compliance and security) that enable access control, authorization, and content inspection for a wide variety of line-of-business applications.

Included are customized granular access policy and security capabilities for Microsoft Exchange Server (2003, 2007 and 2010), Microsoft SharePoint Portal Server (2003, 2007 and 2010), Microsoft Terminal Services and Citrix Presentation Server. The product is highly customizable, and almost any application can be published with UAG.[9]

Out of the box, UAG Server is able to work with many authentication vendors such as RSA Security, Vasco, GrIDsure, Swivel, ActivCard and Aladdin. It also works with numerous authentication systems and protocols such as Active Directory, RADIUS, LDAP, NTLM, Lotus Domino, PKI and TACACS+. Possible customizations include single sign-on (SSO), as well as dynamic look-and-feel customization. With the current release of UAG with Update 2, the product also offers support for many third-party systems such as Linux, Macintosh and iPhone. The product also supports Mozilla Firefox.

UAG performs particularly well in providing a portal for web applications, such as web-based email and intranets, but it also provides full SSL VPN network access using either ActiveX (when using Internet Explorer) or Java components (when using Firefox, Opera, or non-Windows clients such as Red Hat or Mac OS). These components can also perform endpoint compliance checks before allowing access, testing for attributes on the PC such as domain name, antivirus definitions date or running processes.

The inclusion of DirectAccess with UAG has been a big influence on its success, as DirectAccess provides a very seamless VPN-like integration and is in high demand by many organizations. DirectAccess is part of Windows, but UAG provides a very user-friendly configuration interface for it, making it easier for administrators to configure. UAG also adds two additional components, DNS64 and NAT64, which make deploying DirectAccess in an existing network easier, without the need to deploy IPv6.[10]

The product is sold in appliance form, from vendors such as IVO Networks, Portcullis Systems, Celestix Networks, and nAppliance. It is also offered as an installable DVD. The product can be installed on Windows Server 2008 R2.[11]

References

  1. "Download details: Forefront Unified Access Gateway (UAG) Service Pack 1". Microsoft Download Center. Microsoft Corporation. 3 December 2010. Retrieved 3 December 2010. "Version: 4.0.1752.10000 [~] Date Published: 12/3/2010"
  2. "System Requirements For Forefront UAG Servers". Microsoft Forefront website. Microsoft Corporation. Retrieved 24 July 2010.
  3. "Microsoft Lands Whale for VPN Tech". eWeek (New York, NY: Ziff Davis). 18 May 2006. Retrieved 3 December 2010.
  4. "Whale e-Gap 3900". PC Magazine (New York, NY: Ziff Davis). 19 August 2003. Retrieved 3 December 2010.
  5. "Microsoft to Acquire Whale Communications, a Leading Provider of SSL VPN and Application Security Technologies". Microsoft News Center (Redmond, WA: Microsoft Corporation). 18 May 2006. Retrieved 24 July 2010.
  6. "Microsoft Completes Acquisition of Secure Remote Access Technology Leader Whale Communications". Microsoft News Center (Redmond, WA: Microsoft Corporation). 26 July 2006. Retrieved 24 July 2010.
  7. "Microsoft Corp acquires Whale Communications Ltd". Thomson Financial. 26 July 2006. Retrieved 31 October 2008.
  8. "Forefront Unified Access Gateway (UAG) 2010 is released!". Microsoft Forefront Unified Access Gateway Product Team Blog. MSDN Blogs (Microsoft Corporation). 24 December 2009. Retrieved 24 July 2010.
  9. "Microsoft delivers feature-rich SSL-VPN". Computerworld (Newtonville, Massachusetts: International Data Group). 8 March 2010. Retrieved 3 December 2010.
  10. "Microsoft Forefront UAG 2010 Makes DirectAccess Feasible". eWeek (New York, NY: Ziff Davis). 10 February 2010. Retrieved 3 December 2010.
  11. "Hardware Partners". Forefront UAG. Microsoft Corporation. 3 December 2010. Retrieved 3 December 2010.

Wikimedia Foundation. 2010.
