Microsoft Forefront Unified Access Gateway (UAG) is a discontinued software suite that provides secure remote access to corporate networks for remote employees and business partners. Its services include reverse proxy, virtual private network (VPN), DirectAccess and Remote Desktop Services. UAG was released in 2010, and is the successor to Microsoft Intelligent Application Gateway (IAG), which was released in 2007. UAG is part of the Microsoft Forefront offering. Microsoft discontinued the product in 2014, although the Web Application Proxy feature of Windows Server 2012 R2 and later offers some of its functionalities.


History

Unified Access Gateway was originally developed by a startup company named Whale Communications in Rosh HaAyin, Israel. Whale's initial product, e-Gap, was designed to create physical separation between networks of disparate trust levels. It consisted of an appliance housing a 512k memory chip that toggled connections between two servers via a SCSI bus. The product was originally built to offer sneaker-net services, and shortly thereafter features to enable HTTP connections were added. In the 1990s and early 2000s, e-Gap was enhanced to provide comprehensive reverse proxy features that included in-depth filtering of inbound traffic to ensure the security of the web servers and applications it protected. As adoption grew, the product pivoted to focus more specifically on remote access use cases, and additional features and licensing options were added to provide employee and contractor remote access across a range of connectivity options. In 2002, the market evolved into offering more comprehensive SSL VPN features. Whale's uniqueness was in its ability to granularly filter and alter the flow of traffic to enable a path of least access and protect from both known and unknown attacks and vulnerabilities using an application-specific positive-logic filtering engine.

On 18 May 2006, Microsoft announced that it would be acquiring Whale Communications. Microsoft completed the acquisition on 26 July 2006. Following this acquisition, the product was renamed Microsoft Intelligent Application Gateway Server 2007. With this version, the SCSI-based Air Gap (e-Gap) was dropped, and the product was unified as a single-server appliance. Instead of using the Air Gap as the security barrier, IAG used Microsoft's ISA Server firewall product. IAG was offered to the public as a pre-installed appliance by Celestix Networks, IVO Networks, PortSys and nAppliance. In 2009, with the release of Service Pack 2 for IAG, the product was also offered directly to the public from Microsoft in the form of a virtual appliance (a first-of-its-kind form factor for Microsoft): a pre-installed VHD which could be run on Hyper-V or VMware Workstation.

In April 2008, Microsoft announced that the next generation of IAG would be named Forefront Unified Access Gateway (UAG). The product was released on 24 December 2009. UAG's core new functionality centered on its DirectAccess gateway. DirectAccess, launched with Windows 7, was Microsoft's visionary always-on VPN, which allowed both VPN access and continuous endpoint management and control. At its launch, UAG was the only solution for publishing DirectAccess, making the product an integral part of the Windows 7 strategy. Ultimately, these capabilities (and others) were built natively into Windows Server.

Service Pack 1 for this product was released on 3 December 2010. Update 1 for Service Pack 1 was released on 17 October 2011. Service Pack 2 for this product was released on 6 August 2011. Service Pack 3 was released on 19 February 2013. Service Pack 4 was released on 27 November 2013. On 17 December, Microsoft announced that it will not deliver any future full version releases of Forefront UAG and that the product will be removed from price lists on 1 July 2014.


Technical overview

Microsoft UAG provides a Secure Sockets Layer (SSL) virtual private network (VPN), a Web application firewall, and endpoint security management (for compliance and security) that enable access control, authorization, and content inspection for a wide variety of line-of-business applications. Included are customized granular access policy and security capabilities for Microsoft Exchange Server (2003, 2007 and 2010), Microsoft SharePoint Portal Server (2003, 2007 and 2010), Microsoft Terminal Services and Citrix Presentation Server. The product is highly customizable, and almost any application can be published with UAG.

Out of the box, UAG Server is able to work with many authentication vendors such as Mi-Token, RSA Security, OneSpan, GrIDsure, Swivel, ActivCard and Aladdin. It also works with numerous authentication systems and protocols such as Active Directory, RADIUS, LDAP, NTLM, Lotus Domino, PKI and TACACS+. Possible customizations include single sign-on (SSO), as well as look-and-feel dynamic customization. With the current release of UAG with Update 2, the product also offers support for many third-party systems such as Linux, Macintosh and iPhone. The product also supports Mozilla Firefox.

UAG performs particularly well in providing a portal for web applications, such as web-based email and intranets, but it also provides full SSL VPN network access using either ActiveX (when using Internet Explorer) or Java components (when using Firefox, Opera, or non-Windows clients such as Red Hat or Mac OS). These components can also perform endpoint compliance checks before allowing access, to test for attributes on the PC such as domain name, antivirus definitions date or running processes.

The inclusion of DirectAccess with UAG has been a big influence on its success, as DirectAccess provides a very seamless VPN-like integration and is in high demand by many organizations. DirectAccess is part of Windows, but UAG provides a very user-friendly configuration interface for it, making it easier for administrators to configure. UAG also adds two additional components, DNS64 and NAT64, which make deploying DirectAccess in an existing network easier, without the need to deploy IPv6.

The product is sold in appliance form, from various vendors. It is also offered as an installable DVD. The product can be installed on Windows Server 2008 R2.


Version History


See also

* Microsoft Forefront

