Announcing Forefront Unified Access Gateway 2010. UAG is the cornerstone of Microsoft's remote access strategy and introduces a variety of new capabilities. This session is intended to announce UAG as well as drill into its core features and capabilities especially with Windows Server DirectAccess. Spend an hour as we unveil this next-generation remote access gateway that brings together the best and brightest remote access technologies. * Ensure always-on connectivity with scale and ease using DirectAccess and UAG. * Easily publish SSL VPN access for non DirectAccess clients. * Extend anywhere-access to Microsoft SharePoint, Exchange, Dyanmics and more. * Improve your Terminal Services deployment leveraging built in scale and management.

1. SIA306 Microsoft Forefront Unified Access Gateway (UAG): DirectAccess and Beyond Meir Mendelovich Senior Program Manager, UAG Product Group

2. Business Ready SecurityHelp securely enable business by managing risk and empowering people Protection Access Identity Integrate and extend security across the enterprise Protect everywhere, access anywhere Management Highly Secure & Interoperable Platform Simplify the security experience, manage compliance from: to: Block Enable Cost Value Siloed Seamless

3. The new information workplace Home USB Drive Mobile Devices Partner Organization The flow of information has no boundaries Information is shared, stored and accessed outside the control of its owner 3

4. UAG Vision Increasingly, people envision a world of anywhere access - a world in which the information, the communities, and the content that they value is available instantly and easily, no matter where they are. Bill GatesEnabling Secure Anywhere Access in a Connected World, Feb 2007 Provide employees, partners and customers with seamless secure accessto any application or resource, from any device onany network

5. UAG Solution Architecture Data Center / Corporate Network Exchange CRM SharePoint IIS based IBM, SAP, Oracle Mobile HTTPS / HTTP Home / Friend / Kiosk Terminal / Remote Desktop Services Layer3 VPN HTTPS (443) Internet DirectAccess Non web Business Partners / Sub-Contractors AD, ADFS, RADIUS, LDAP…. NPS, ILM Employees Managed Machines

6. Demo: UAG Web Experience

7. IAG? ISA? UAG? TMG? Forefront Edge Security and Access products provide enhanced network edge protection and application-centric, policy-based access to corporate IT infrastructures Today Tomorrow Protection Integrated and comprehensive protection from Internet-based threats Access Unified platform for all enterprise remote access needs

8. UAG In a Glance DirectAccess Web ApplicationPublishing SSL VPN Layer 3 VPN SSL Network Tunneling, SSTP Remote Desktop Services (TS) Enhanced Protection – Edge Ready Enhanced Authentication & Identity Unified Management Enterprise Readiness Interoperability

9. How UAG is saving you money Employees remain productive – ANYWHERE. Disaster ready – H1N1, SARS, Weather.. All remote access technologies on one platform, one management and possibly on one box Out of the box non-managed support Machines are always managed Integrated load balancing

10. Schedule Release Candidate 0 (RC0) is available for download Release Candidate 1 (RC1) will be out in few weeks RTM: Before end of 2009

11. UAG & DirectAccess

12. DirectAccess Extending network services and resources to remote users

14. Decreases patch miss rates

15. Applies GPOs to remote machines

16. Pre-logon health checks and remediation

17. Replaces modal "connect-time" health checks

18. Full NAP integration

19. Improved productivity

20. Not user initiated

21. Simplified connectivity

22. Supports authenticated transactions

23. Supports encrypted transactions

24. Authentication and encryption mitigate many attacksVPNs connect the user to the network DirectAccess extends the network to the user

25. Internet IPsec/IPv6 Enterprise Network Compliant Client IPsec/IPv6 Intranet User Intranet User Datacenter Servers Deperimeterization

26. UAG and DirectAccess better together: Extends access to servers with IPv4 support Access for down level and non Windows clients Enhances scalability and management Simplifies deployment and administration { Hardened Edge Solution Windows 7 Managed Always On Windows 7 IPv6 IPv6 { Windows 7 / Windows Vista/ Windows XP Unmanaged Non-Windows DirectAccess Server IPv4 PDA IPv6 or IPv4

27. Under the Hood: IPSec Tunnels Access Enabling Tunnel* IPv6 Transition Technologies: 6to4, Teredo, IP-HTTPS Corp Tunnel Domain Controllers, DNS, NPS, Management Internet IPv4 via NAT64 IPv6 Native ISATAP IPv4 via NAT64 IPv6 Native ISATAP Client Machine UAG Rest of the machines in corporate network * In UAG RC0 there is another tunnel for DNS servers

28. Admin Core Under the Hood: UAG Architecture Management UI SCOM MP Tracing & Logging Session Manager User Manager Config. / Array Manager IP VPN Web Application Publishing Direct Access RRAS TSG / RDG Internal Site Portal DirectAccess Server Domain Controllers, DNS, NPS, Management DTE / DoSP SSL Tunnel UAG Filter DNS64 NAT64 ISATAP IP-HTTPS Teredo 6to4 Native IPv6 SSTP Layer 3 IIS Client Machine UAG TMG Rest of the machines in corporate network Windows NLB UAG Logic Windows Server * In UAG beta there is another tunnel for DNS servers 17

29. Under the Hood: UAG Architecture UAG Management Direct Access DirectAccess Server DTE / DoSP DNS64 NAT64 ISATAP IP-HTTPS Teredo 6to4 Native IPv6 Domain Controllers, DNS, NPS, Management TMG NLB UAG Logic Client Machine UAG Rest of the machines in corporate network

30. DirectAccess Demo

31. Want more?

33. © 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.