Microsoft Forefront - Unified Access Gateway (UAG) Presentation
1. Unified Access Gateway
(UAG)
December 2009
Brendan Foley Uri Lichtenfeld
Director Product Manager
Identity & Security Business Group
2. Agenda
• Business Challenges
• Business Ready Security
• Overview of Forefront Unified Access Gateway
− Anywhere Access
− Integrated Security
− Simplified Management
• Demo
• Licensing & Pricing
• Summary
November 2006
3. Business Challenges
Threats Current
Solutions
Business Landscape
Increased Product
volume proliferation
Greater Lack of
sophistication integration
Profit High cost of
motivated ownership
Security not aligned to business needs and new opportunities
4. Business Ready Security
Help securely enable business by managing risk and empowering people
Identity
Highly Secure & Interoperable Platform
from: to:
Block Enable
Cost Value
Siloed Seamless
5. Business Ready Security Solutions
Secure Messaging Secure Collaboration Secure Endpoint
Information Protection
Identity and Access Management
6. UAG delivers secure, anywhere access to messaging, collaboration
and other applications, increasing productivity while maintaining
compliance with policy.
Anywhere • Employees/partners/customers are productive from anywhere
• Simple and secure, optimized for SharePoint / Exchange
Access • Extend networking connectivity with Windows DirectAccess.
• Protects IT assets through fine-grained, built-in access policies
Integrated • Easily enables a variety of strong authentication methods.
Security • Helps limit exposure and data leakage
• Consolidates remote access infrastructure
Simplified • Simplifies deployment and ongoing tasks through wizards and
Management built-in policies.
• Delivers a simplified user experience, reducing support costs
7. How It Works Challenge: wide
variety of devices and
platforms increases risk UAG continually inspects
and TCO. traffic and blocks
How: User initiates access from Data Center / Corporate Network
applications or
browser; UAG then verifies user transactions that are
identity and health of device and deemed risky Exchange
from that
provides appropriate access. user/location. CRM
Mobile SharePoint
IIS based
IBM, SAP, Oracle
Home / Kiosk
Layer3 VPN
TS/ RDS
Internet HTTPS (443) Administrator Citrix
configures granular
DirectAccess
access policy, based on
identity of user and web
Non
health of device
Solution: Leverage
Business Partners UAG to consolidate
AD, ADFS,
access methods and
RADIUS, LDAP….
deliver a consistent user
Need: Remote workers policy
experience and and NPS, ILM
partners require secure Access
access from anywhere. attempts are
Employees
logged and
Managed Machines
auditable.
8. Anywhere Access
Forefront UAG: A key enabler of DirectAccess
UAG extends the benefits of Windows DirectAccess across your
infrastructure, enhancing scalability and simplifying deployments and ongoing
management
9. UAG and DirectAccess better together:
Extends access to line of business servers with IPv4 support
Access for down level and non Windows clients
Enhances scalability and management
Simplifies deployment and administration
Hardened Edge Solution
Always On
IPv6
SSL-VPN
+
IPv4
10. Anywhere Access
Simple, secure access optimized for SharePoint . . .
• Secure Remote Access for SharePoint.
Enabling employees, partners and
customers access to SharePoint from
virtually any location or device.
• Integrates SSL VPN Into SharePoint
By integrating its menu as a Web-part,
UAG can add access to client/server and
network resources to any existing
deployment.
• Improved User Experience
With enhanced web single-sign-on
capabilities, UAG can deliver remote
access to SharePoint portals and backend
applications without requiring additional
authentication.
11. Anywhere Access
. . . And simple, secure access optimized for Exchange
Publish all Exchange mail services as a
single UAG application:
• Easier publishing experience
• Symmetrical topology for all front-end
mail services
Publish each Exchange service as a
separate application:
• Greater back-end topology
12. Integrated Security
• Overlay granular access control to specific sites and/or
features within sites
• Built-in endpoint security policies (integrated with NAP)
• Expanded authentication and authorization capabilities
• Session clean-up and information leakage prevention
• Integrated network security
13. Simplified Management
• Simplifies deployment and ongoing tasks through wizards
and built-in policies.
• Simplified user experience - reducing support costs
• Consolidates remote access infrastructure
Step 2:
Step 1:
Provide the
Choose the type
All
Step 3:internal name
of application
Configure the
of the
SharePoint to
you wish
same external
publish.
Server.
name on your
Done!
SharePoint
Server.
Provide the
external name.
15. From IAG to UAG
IAG UAG
APPLICATION PUBLISHING
Granular Application Filtering Improved
Session cleanup and removal
End point health detection Improved
INTEGRATION
Integrated with NAP policies New
Remote Desktop and RemoteApp integration New
Extends and simplifies DirectAccess deployments New
SCALE AND MANAGEMENT
Built in load balancing New
Array management capabilities New
Enhanced monitoring and management (SCOM) New
16. UAG Form Factors
• Server Software install (MSI)
− Installs on hardware or virtual servers on
Hyper-V or SVVP guest
• Hardware appliance from OEM partners
16
17. How to Buy
• Server License
− OEM Partners: Customers can buy Forefront UAG as a
physical appliance. This includes the underlying
Windows Server 2003 R2 license.
− Microsoft Volume Licensing: Customers can run
Forefront UAG as software. These options require
provisioning the Windows license from a customer’s
existing agreement.
• Client Access and Other Licenses
− Microsoft Volume Licensing: Customers can buy
Forefront UAG CALs, External Connectors, and SPLAs
through Microsoft Volume Licensing. In addition to
individual CALs, customers with large environments can
purchase a 10,000 CAL pack.
18. Summary
• Extends, scales and simplifies DirectAccess
deployments
• Delivers Anywhere Access to SharePoint,
Exchange and more
• Protects IT assets and limits exposure
• Scalable and simple to deploy
Download now!
http://www.microsoft.com/uag
November 2006