Overview of Forefront UAG DirectAccess for SP1

Published: October 21, 2010

Updated: February 1, 2011

Applies To: Unified Access Gateway

Forefront Unified Access Gateway (UAG) DirectAccess extends the benefits of Windows DirectAccess across your infrastructure, enhancing scalability, and simplifying deployments and ongoing management.

Forefront UAG DirectAccess features include the following:

  • Improved manageability of remote users—Forefront UAG DirectAccess enables IT professionals to manage mobile computers, by updating Group Policy settings, and distributing software updates any time the mobile computer has Internet connectivity, even if the user is not logged on. This flexibility allows IT professionals to manage remote computers on a regular basis, and ensures that mobile users stay up-to-date with security and system health policies.

  • More secure and flexible network infrastructure—Forefront UAG DirectAccess takes advantage of technologies such as Internet Protocol version 6 (IPv6) and Internet Protocol security (IPsec), providing a more secure and flexible network infrastructure for enterprises, by using:

    • Authentication—Forefront UAG DirectAccess authenticates the client computer, enabling the computer to connect to the intranet before the user logs on.

    • Encryption—Forefront UAG DirectAccess uses IPsec to provide encryption for communications across the Internet.

    For more information on IPv6, see Microsoft Internet Protocol Version 6 (IPv6) (http://go.microsoft.com/fwlink/?LinkID=154707).

    For more information on IPsec, see IPsec (http://go.microsoft.com/fwlink/?LinkId=154708).

    For more information on NAP, see Network Access Protection (http://go.microsoft.com/fwlink/?LinkId=154709).

  • IT simplification and cost reduction—Forefront UAG enables you to reduce your costs by:

    • Providing unified management—Forefront UAG provides unified management for all the remote access technologies.

    • Hardware consolidation—Forefront UAG manages remote access technologies, load balancing and array functionality, NAT64 and DNS64 on the same server, and using the same management console.

  • Extended access to IPv4-only resources—Forefront UAG DirectAccess uses integrated NAT64 and DNS64 to enable clients to access IPv4-only resources, in addition to IPv6-based resources.

  • Simplified deployment and administration—The Forefront UAG DirectAccess configuration is incorporated into the Forefront UAG Management Console, and is configured using interactive wizards, providing simpler deployment and management.

    The wizard supports the following new features:

    • Management only—You can configure Forefront UAG DirectAccess for remote client management only, enabling DirectAccess clients to be managed without giving them access to the intranet.

    • Two-factor authentication—Forefront UAG DirectAccess supports two-factor authentication using smart cards and RSA SecurID and RADIUS authentication servers.

    • Organizational units (OUs)— Forefront UAG DirectAccess supports the use of OUs when configuring client and server groups in the Forefront UAG DirectAccess Configuration Wizard.

    • Group Policy object (GPO) provisioning—Forefront UAG DirectAccess provides a flexible solution for DirectAccess GPO provisioning.

    • DirectAccess Connectivity Assistant (DCA)—DCA policy can be created in the Forefront UAG DirectAccess Configuration Wizard to be distributed to DirectAccess clients as part of the client GPO.

    • Force tunneling—DirectAccess clients can be configured to work using force tunneling, so that all Internet traffic from a DirectAccess client is channeled through the Forefront UAG DirectAccess server.

    • Network Access Protection (NAP)—NAP can be automatically deployed and configured on the Forefront UAG DirectAccess server. Existing NAP deployments are also supported.

    • Management server auto-discovery—Forefront UAG DirectAccess supports the auto-discovery of management servers, including domain controllers, SCCM servers and HRA servers.

  • Enhanced scalability, high availability and management—By utilizing its array management capabilities and network load balancing, Forefront UAG enables you to set up multiple DirectAccess servers in an array, providing high availability and scalability.

  • Monitoring—Forefront UAG DirectAccess enables you to monitor DirectAccess client sessions and Forefront UAG DirectAccess server’s health, using Web Monitor, and a PowerShell snap-in cmdlet.