Overview of Forefront UAG features

Applies To: Unified Access Gateway

Forefront Unified Access Gateway (UAG) main features include the following:

  • Forefront UAG as a publishing server─You can configure Forefront UAG to publish corporate applications and resources, and enable remote users to access those applications in a controlled manner, from a diverse range of endpoints and locations.

  • Forefront UAG as a DirectAccess server─You can configure Forefront UAG as a DirectAccess server, extending the benefits of Windows DirectAccess across your infrastructure to enhance scalability, and simplify deployment and ongoing management. Forefront UAG DirectAccess provides a seamless connection experience to your internal network for users who have Internet access. Requests for internal resources are securely directed to the internal network, without requiring a VPN connection.

  • Single and multiple server deployment─You can configure a single server as a publishing server and as a Forefront UAG DirectAccess server, or deploy an array of multiple servers for scalability and high availability.

Forefront UAG as a publishing server

Forefront UAG acting as a publishing server provides the following features:

  • Application publishing─You publish applications and internal resources via Forefront UAG trunks. Users then access the applications via a Forefront UAG Web site or portal. A Forefront UAG Web site provides access to a single Web application, and a Forefront UAG portal acts as a consolidated gateway, providing access to one or more applications and resources. Via a trunk, you can publish Web and non-Web applications, provide full VPN access to corporate networks, and provide access to internal file shares and structures. For more information, see the following resources:

  • Access control─Forefront UAG provides several mechanisms for controlling remote client endpoint access to published resources. Mechanisms include client authentication, access policies with which endpoints must comply, and authorization policies that specify which users and groups can access portal applications. For more information, see the Access control for publishing design guide.

  • Endpoint components─Forefront UAG installs endpoint components on client endpoints to enable Forefront UAG remote access features. Different remote access features require different endpoint components on the client endpoint. When an endpoint attempts to access a Forefront UAG site, Forefront UAG determines which components are installed and running. For more information, see the Endpoint component deployment design guide.

Forefront UAG as a DirectAccess server

Forefront UAG acting as a DirectAccess server provides the following features:

  • Improved remote user management—Forefront UAG DirectAccess enables you to manage mobile computers by updating Group Policy settings and distributing software updates any time the mobile computer has Internet connectivity, even if the user is not logged on. This flexibility allows you to manage remote computers on a regular basis, and ensures that mobile users stay up-to-date with security and system health policies.

  • More secure and flexible network infrastructure—Forefront UAG DirectAccess takes advantage of technologies such as IPv6 and IPsec, to provide a more secure and flexible network infrastructure. Forefront UAG DirectAccess authenticates client computers, enabling the computer to connect to the intranet before the user logs on. IPsec is used to provide encryption for communications across the Internet.

  • Access to IPv4-only resources—Forefront UAG DirectAccess uses integrated NAT64 and DNS64 to enable clients to also access IPv4-only resources.

  • IT simplification and cost reduction─Forefront UAG enables you to manage single and multiple servers, NAT64 and DNS64 on the same computer.

  • Ease of management─Forefront UAG DirectAccess is incorporated into the Forefront UAG Management console, and is configured using interactive wizards that provide simpler deployment and management.

For more information about Forefront UAG DirectAccess, see the Forefront UAG DirectAccess design guide.

Single and multiple server deployment

You can deploy Forefront UAG servers as follows:

  • Single server deployment─On a single Forefront UAG publishing server, you can create trunks to provide multiple Web portals that publish internal applications and resources. Each portal has its own configuration settings, external IP address, and published applications. In addition, you can configure the server as a Forefront UAG DirectAccess server.

  • Array deployment─You can group multiple Forefront UAG servers into an array. In an array, all members share the same configuration, including trunks, portals, published applications, and DirectAccess settings. One of the array members acts as the array manager, storing configuration settings for the entire array. You configure and manage the array settings for all array members using the Forefront UAG Management console on the array manager.

  • Load balancing─You can load balance traffic to array members using the Forefront UAG integrated network load balancing (NLB) feature. Using integrated NLB for remote access, you create a virtual IP address for each trunk in the array, and client endpoint requests to the trunks are load balanced across all array members. Alternatively, you can load balance array traffic using a hardware load balancer.

For more information, see the Array design guide.