Comparing IAG 2007 and Forefront UAG RTM
Updated: August 23, 2010
Applies To: Unified Access Gateway
This topic is intended to help customers currently using Intelligent Application Gateway (IAG) 2007.
The following table provides a comparison of the features that are supported in Forefront Unified Access Gateway (UAG) but not supported in Intelligent Application Gateway (IAG) 2007 SP2, and those features that are supported in IAG 2007 with SP2 but not supported in Forefront UAG.
| Feature | Supported in Forefront UAG | Supported in IAG with SP2 | Details |
|---|---|---|---|
Software installation |
Yes |
No |
Forefront UAG is installed as a software application on Windows Server 2008 R2 |
Virtual machine or hardware appliance |
Yes |
Yes |
IAG 2007 with Service Pack 2 is available as a virtual machine and as a hardware appliance. Forefront UAG is available as a hardware appliance. |
ActivePerl installation |
No |
Yes |
ActivePerl installation is not required during Forefront UAG setup. |
Inbuilt firewall |
Yes |
Yes |
Forefront UAG installs Forefront TMG for firewall protection. IAG 2007 installs ISA Server 2006. |
Client endpoint components |
Yes |
Yes |
There are a number of differences in endpoint requirements between Forefront UAG and IAG 2007; for Forefront UAG endpoint requirements, see System requirements for Forefront UAG client devices. |
Multiple server array deployment |
Yes |
No |
Multiple Forefront UAG servers can be deployed in a load-balanced array. For more information, see the Array planning guide. |
Remote network access with Network Connector |
Yes |
Yes |
Forefront UAG provides Network Connector support for 64-bit clients. |
Remote network access with SSTP |
Yes |
No |
In addition to the legacy Network Connector application, Forefront UAG provides support for endpoints connecting to the internal network over SSTP. |
Publishing non-Web applications |
Yes |
Yes |
Forefront UAG does not provide application templates for the following applications:
|
Publishing browser-enabled applications |
Yes |
Yes |
Forefront UAG does not provide application templates for the following applications:
|
Publishing Web applications |
Yes |
Yes |
Forefront UAG does not provide application templates for the following applications:
|
Publishing Exchange services with dedicated wizard |
Yes |
No |
Forefront UAG provides a dedicated wizard for publishing Exchange services. Using the wizard, you can publish Microsoft Office Outlook® Web Access, Exchange ActiveSync®, and Outlook Anywhere (RPC over HTTP) in a single portal, providing secure access to Exchange services on a single IP address. For more information, see the Exchange services publishing solution guide. |
Publishing Exchange 2010; SharePoint 2010 |
Yes |
No |
You can publish Exchange 2010 and SharePoint 2010 using Forefront UAG. For more information, see the Exchange services publishing solution guide and the SharePoint publishing solution guide. |
Publishing Outlook Mobile Access for Exchange 2003 |
No |
Yes |
Not supported in Forefront UAG. |
Publishing Remote Desktop Services (RDS) |
Yes |
No |
Forefront UAG provides access to published RemoteApps and Remote Desktops, by integrating a Remote Desktop Gateway (RD Gateway) to provide an application-level gateway for RDS services and applications. For more information, see the Remote Desktop Services publishing solution guide. |
Internal publishing using integrated Windows authentication |
No |
Yes |
The use of Integrated Windows Authentication to authenticate corporate users accessing internal applications is not supported in Forefront UAG. |
Publishing a farm of Web servers or application servers |
Yes |
No |
You can publish a farm of Web servers or application servers that perform the same role or host the same content. You can load balance requests to farm members to distribute requests evenly among available nodes, detect offline servers and implement failover, and maintain farm servers without disrupting current endpoint connections. |
Client authentication with Active Directory |
Yes |
Yes |
Forefront UAG allows you to use all available Active Directory domain controllers when configuring user authentication against Active Directory Domain Services; there was a limit of two domain controllers in IAG 2007. |
Verifying endpoint health with Network Access Protection (NAP) policies |
Yes |
No |
In addition to evaluating client endpoint health using Forefront UAG endpoint policies, Forefront UAG integrates Windows Server 2008 NAP technology, allowing you to verify client endpoint compliance against NAP policies defined on a Network Protection Server (NPS). For more information, see Planning for endpoint health checking. |
SQL Server logging |
Yes |
No |
Forefront UAG allows you to log to a local or remote SQL Server. For more information, see Logging to a SQL Server. |
Web portal |
Yes |
Yes |
The default Forefront UAG portal was redesigned to enhance the client endpoint experience. The portal provides an application tree for easier navigation, and the ability to search and sort applications published in the portal. |
Portal with Outlook Web Access look and feel |
Yes |
No |
Forefront UAG provides a streamlined logon experience for Outlook Web Access users. You can apply an Outlook Web Access theme to a portal; authentication logon and logoff pages have been redesigned with an Outlook Web Access look and feel. |
Customizing the portal |
Yes |
Yes |
The Forefront UAG portal is now in asp.net, not .asp. |
Application wrapper (AppWrap) files |
Yes |
Yes |
AppWrap files enable (the manipulation of HTTP responses from backend Web servers to clients. In IAG 2007, there were approximately 30 AppWrap files. Each one was used by a different type of application trunk, as well as for portal trunks. Application trunks are not used in Forefront UAG and thus only one main AppWrap file exists. Two versions of this file are used, one for HTTP trunks, and the other for HTTPS trunks. |
Activation Monitor |
Yes |
No |
Forefront UAG provides an Activation Monitor that shows configuration activation activity. This is useful for monitoring the status of array members when activation occurs on the array manager. Activation Monitor is available from the Forefront UAG option in the Start menu. |
Policy Manager |
No |
Yes |
The Policy Manager console is not available in Forefront UAG. |
Session Manager Utility |
No |
Yes |
The Session Manager Utility is not supported in Forefront UAG. IAG 2007 provided the Session Manager Utility in the \whale-com\e-gap\utils\sessionmgr folder. |
Web mail trunk |
No |
Yes |
Forefront UAG provides portal trunks only. |
Basic trunk |
No |
Yes |
Forefront UAG provides portal trunks only. |
Rule set enforcement |
Yes |
Yes |
Some rule set enforcement levels were removed in Forefront UAG. |
User defined UniqueSignature global host address translation parameter |
No |
Yes |
IAG 2007 uses URL signing to enable communication with multiple internal published servers while using a single external IP address and portal. IAG recognizes the internal server required in an endpoint request by means of a unique signature field. This field is configurable in IAG 2007, but not in Forefront UAG. |
Changes introduced by IAG Service Pack 2 Update 1 |
Yes |
Yes |
The following features introduced in IAG SP2 Update 1 are included in Forefront UAG RTM:
The following Update 1 issues are not included in Forefront UAG RTM:
|
Changes introduced by IAG Service Pack 2 Update 2 |
Partial |
Yes |
The following features introduced in IAG SP2 Update 2 are included in Forefront UAG:
The following Update 2 features are not included in Forefront UAG RTM:
|