About Intelligent Application Gateway (IAG) 2007 Service Pack 2

About Intelligent Application Gatew...

Whale Communications Intelligent Application Gateway (IAG) 2007

Whale Communications Intelligent Application Gateway (IAG) 2007 Service Pack 2 (SP2) introduces the following new features and enhancements to IAG 2007.

Simplified deployment

The new Getting Started Wizard enables end-to-end deployment of IAG, up to and including publication of portals and applications. For more information, see Configuring IAG network and server settings.

Enhanced browser and client operating system support

IAG SP2 provides new cache-cleaning and client endpoint health-detection capabilities for Firefox on Windows, Firefox on Linux, and Safari on Mac OS. The main benefits of this feature are the following:

Providing installation of client components for cache cleaning and endpoint health detection across operating systems that aren't Windows.
Basing access policies on endpoint health information received from Firefox on Windows, from Linux, and from Mac OS.

IAG administrators can create and manage multi-platform policies and expressions, as well as platform-specific policies and expressions. For more information, see Managing IAG client endpoint policies.

Publishing applications for users located on corporate networks

With IAG SP2, you can use Integrated Windows authentication when you publish applications for users that are located on corporate networks. In this setup, IAG functions as both a gateway from the Internet into the organization and a gateway from within the corporate network to the data center within that network. In addition, internal users who are logged on to the Active Directory domain are not prompted for their credentials, thus making for transparent authentication and a smooth user experience.

For more information about using Integrated Windows authentication when you publish applications for users that are located on corporate networks, see About publishing applications to users located on corporate networks with IAG SP2.

Integration with Microsoft Dynamics CRM 4.0

Microsoft Dynamics CRM is used to manage customer relationships. This software is commonly accessed by remote users (such as a mobile sales representative) from a variety of computers (such as laptops, home computers, and mobile devices). IAG enables a robust Microsoft Dynamics CRM experience while enhancing security. The following are some of the benefits of publishing Microsoft Dynamics CRM via IAG:

The Microsoft Dynamics CRM server doesn't have to be directly exposed to the Internet—It can reside in the datacenter.
Strong authentication capabilities—End users can log on to Microsoft Dynamics CRM with smart cards, one-time password tokens, etc.

For more information, see Publishing Microsoft Dynamics CRM with IAG SP2.

Integration with Microsoft Office Communicator Web Access

Microsoft Office Communicator Web Access is a key product in Microsoft’s unified communications strategy.

Office Communicator Web Access is targeted towards end users working from a kiosk or from a home computer, and it is targeted towards end users that need to access Office Communicator Services from a computer running an operating system that isn't Windows and therefore cannot run Communicator client. IAG enables a robust Communicator Web Access experience while enhancing security.

For more information, see Publishing Microsoft Office Communicator Web Access with IAG SP2.

Enhanced integration of Kerberos constrained delegation

IAG 2007 first introduced support for Kerberos constrained delegation in SP1.

In the release of SP2, IAG 2007 introduces new support for Kerberos constrained delegation that provides smoother integration and enhances its capabilities (for example, deploying Kerberos constrained delegation through IAG user interface or performing Kerberos constrained delegation single sign-on for Active Directory Federation Services authentication).

For more information, see Configuring Kerberos constrained delegation with IAG SP2.

Logging on with a UPN

IAG SP2 allows end users to authenticate to the IAG portal and to application servers published through the portal by using form-based authentication with the following credentials: user principal name (UPN) and a password. Because the UPN of an end user is unique in a domain forest, the end user can authenticate to any application server within the forest without providing the domain as a credential.

When an end user authenticates to the IAG portal by using a client certificate (for example, a smart card) and then attempts to open an application that requires authentication, the UPN of that end user will be automatically displayed in the User name box, eliminating the need to manually type the user name.

Post-SP1 updates included in SP2

This section contains descriptions of updates included in IAG SP2 that have been made to IAG since the release of IAG SP1.

Improved SharePoint deployment

The release of Hotfix for Whale Communications Intelligent Application Gateway (IAG) 2007 – update 2 for improved SharePoint publishing introduces the following changes and enhancements:

Smoother integration with Microsoft Office SharePoint Server 2007—Integration with Office SharePoint Server 2007 has been improved in order to provide better support and a smoother user experience. You can now publish SharePoint Products and Technologies through the IAG portal by using alternate access mapping, which enables mappings between the application's internal URLS and public URLs.
Configuration of a trunk's public host—You can no longer use IP addresses in order to define a trunk's public host; only host names are supported. In the Configuration console, the trunk's Public Hostname/IP Address box has changed to Public hostname. In addition, host names must contain at least two periods.

For more information, see About publishing SharePoint Products and Technologies with IAG SP2 or SP1 Update 2.

Additional supported applications

In addition to supporting Microsoft Dynamics CRM 4.0 and Office Communicator Web Access 2007, IAG also supports publishing the following applications, as part of update 4:

IBM Lotus Sametime 8.0
IBM Lotus iNotes version 8.0 and higher

Detection center

In update 4 for IAG, a detection center feature has been added to support Windows Management Instrumentation (WMI) detection on client computers. IAG can detect client security applications by using the WMI interface in addition to the existing detection mechanism. For more information, see Description of Update 3 for e-Gap Appliance 3.6 and Update 4 for Intelligent Application Gateway 2007 (http://go.microsoft.com/fwlink/?LinkId=124836&clcid=0x409).

Enhanced logging capabilities to the Network Connector server

Administrators can now associate users with dynamically allocated IP addresses. In this setup, when the network connector allocates IP addresses and logs them, it logs each IP address with the user's name and domain.

Additional fixes and design changes

Customized detection scripts do not require signatures. For more information, see Description of Update 1 for e-Gap Appliance 3.6 and for Microsoft Intelligent Application Gateway 2007 (http://go.microsoft.com/fwlink/?LinkId=124840&clcid=0x409).
Client computers that can access the IAG server only through a proxy server can resolve the IAG server identity and access the certificate revocation list. For more information, see Description of Update 1 for e-Gap Appliance 3.6 and for Microsoft Intelligent Application Gateway 2007 (http://go.microsoft.com/fwlink/?LinkId=124840&clcid=0x409).
The Microsoft Office Outlook Web Access logon page can be customized by offering any combination of the following options:
- The Outlook Web Access Premium version or the Outlook Web Access Light version.
- The private computer option or the public or shared computer option.

For more information, see Update 3 is available for Intelligent Application Gateway 2007 Service Pack 1 (http://go.microsoft.com/fwlink/?LinkId=124841&clcid=0x409).