sia306 microsoft forefront unified access gateway: directaccess and beyond

Meir Mendelovich Senior Program Manager, UAG Product Group SIA306 Microsoft Forefront Unified Access Gateway (UAG): DirectAccess and Beyond

Upload: louis-goehl

Post on 13-Nov-2014


DESCRIPTION

Announcing Forefront Unified Access Gateway 2010. UAG is the cornerstone of Microsoft's remote access strategy and introduces a variety of new capabilities. This session is intended to announce UAG as well as drill into its core features and capabilities, especially with Windows Server DirectAccess. Spend an hour as we unveil this next-generation remote access gateway that brings together the best and brightest remote access technologies.

* Ensure always-on connectivity with scale and ease using DirectAccess and UAG.
* Easily publish SSL VPN access for non-DirectAccess clients.
* Extend anywhere-access to Microsoft SharePoint, Exchange, Dynamics and more.
* Improve your Terminal Services deployment leveraging built-in scale and management.

TRANSCRIPT

Page 1: SIA306 Microsoft Forefront Unified Access Gateway: DirectAccess and Beyond

Meir Mendelovich, Senior Program Manager, UAG Product Group

SIA306 Microsoft Forefront Unified Access Gateway (UAG): DirectAccess and Beyond

Page 2: SIA306 Microsoft Forefront Unified Access Gateway: DirectAccess and Beyond

Business Ready Security

Help securely enable business by managing risk and empowering people

Highly Secure & Interoperable Platform

Identity

Protect everywhere, access anywhere

Integrate and extend security across the enterprise

Simplify the security experience, manage compliance

From: Block, Cost, Siloed

To: Enable, Value, Seamless

Page 3: SIA306 Microsoft Forefront Unified Access Gateway: DirectAccess and Beyond

UAG Vision

Provide employees, partners and customers with seamless secure access to any application or resource, from any device on any network

Increasingly, people envision a world of anywhere access - a world in which the information, the communities, and the content that they value is available instantly and easily, no matter where they are.

Bill Gates, Enabling Secure Anywhere Access in a Connected World, Feb 2007

Page 4: SIA306 Microsoft Forefront Unified Access Gateway: DirectAccess and Beyond

UAG Solution Architecture

[Architecture diagram. Labels: Internet; Employees Managed Machines; Mobile; Home / Friend / Kiosk; Business Partners / Sub-Contractors; DirectAccess; HTTPS (443); Layer3 VPN; HTTPS / HTTP; Data Center / Corporate Network; Exchange; CRM; SharePoint; IIS based; IBM, SAP, Oracle; Terminal / Remote Desktop Services; Non web; AD, ADFS, RADIUS, LDAP…; NPS, ILM]

Page 5: SIA306 Microsoft Forefront Unified Access Gateway: DirectAccess and Beyond

Demo: UAG Web Experience

Page 6: SIA306 Microsoft Forefront Unified Access Gateway: DirectAccess and Beyond

IAG? ISA? UAG? TMG?

Today / Tomorrow

Protection: Integrated and comprehensive protection from Internet-based threats

Access: Unified platform for all enterprise remote access needs

Forefront Edge Security and Access products provide enhanced network edge protection and application-centric, policy-based access to corporate IT infrastructures

Page 7: SIA306 Microsoft Forefront Unified Access Gateway: DirectAccess and Beyond

UAG In a Glance

Web Application Publishing

SSL VPN

Layer 3 VPN

SSL Network Tunneling, SSTP

Remote Desktop Services (TS)

DirectAccess

Enhanced Authentication & Identity

Unified Management

Enterprise Readiness

Enhanced Protection – Edge Ready

Interoperability

Page 8: SIA306 Microsoft Forefront Unified Access Gateway: DirectAccess and Beyond

How UAG is saving you money

Employees remain productive – ANYWHERE.

Disaster ready – H1N1, SARS, Weather..

All remote access technologies on one platform, one management and possibly on one box

Out of the box non-managed support

Machines are always managed

Integrated load balancing

Page 9: SIA306 Microsoft Forefront Unified Access Gateway: DirectAccess and Beyond

Schedule

RTM: Before end of 2009

Release Candidate 1 (RC1) will be out in a few weeks

Release Candidate 0 (RC0) is available for download

Page 10: SIA306 Microsoft Forefront Unified Access Gateway: DirectAccess and Beyond

UAG & DirectAccess

Page 11: SIA306 Microsoft Forefront Unified Access Gateway: DirectAccess and Beyond

DirectAccess

Extending network services and resources to remote users

Page 12: SIA306 Microsoft Forefront Unified Access Gateway: DirectAccess and Beyond

DirectAccess is more than Remote Access

Manage Out

• "Light up" remote clients
• Decreases patch miss rates
• Applies GPOs to remote machines

Access Policies

• Pre-logon health checks and remediation
• Replaces modal "connect-time" health checks
• Full NAP integration

Always On

• Improved productivity
• Not user initiated
• Simplified connectivity

Protected Transactions

• Supports authenticated transactions
• Supports encrypted transactions
• Authentication and encryption mitigate many attacks

VPNs connect the user to the network

DirectAccess extends the network to the user

Page 13: SIA306 Microsoft Forefront Unified Access Gateway: DirectAccess and Beyond

Deperimeterization

[Diagram. Labels: Compliant Client; Internet; Intranet User; Enterprise Network; Datacenter Servers; IPsec/IPv6]

Page 14: SIA306 Microsoft Forefront Unified Access Gateway: DirectAccess and Beyond

UAG and DirectAccess better together:

[Diagram. Labels: DirectAccess Server; Managed; Windows 7; Always On; IPv6; IPv4; Unmanaged; PDA; Windows 7 / Windows Vista / Windows XP; Non-Windows; IPv6 or IPv4]

Extends access to servers with IPv4 support

Access for down level and non Windows clients

Enhances scalability and management

Simplifies deployment and administration

Hardened Edge Solution

Page 15: SIA306 Microsoft Forefront Unified Access Gateway: DirectAccess and Beyond

Under the Hood: IPSec Tunnels

[Diagram. Labels: Client Machine; Internet; IPv6 Transition Technologies: 6to4, Teredo, IP-HTTPS; UAG; Access Enabling Tunnel*; Domain Controllers, DNS, NPS, Management; Corp Tunnel; Rest of the machines in corporate network; IPv4 via NAT64, IPv6 Native, ISATAP]

* In UAG RC0 there is another tunnel for DNS servers

Page 16: SIA306 Microsoft Forefront Unified Access Gateway: DirectAccess and Beyond

Under the Hood: UAG Architecture

[Diagram. Labels: Client Machine; UAG; Domain Controllers, DNS, NPS, Management; Rest of the machines in corporate network; IP VPN; Admin; Core; Web Application Publishing; Windows Server; TMG; Windows NLB; RRAS; IIS; TSG / RDG; UAG Filter; Session Manager; User Manager; Config. / Array Manager; Internal Site; Portal; Direct Access; DirectAccess Server; DNS64; NAT64; ISATAP; IP-HTTPS; Teredo; 6to4; Native IPv6; DTE / DoSP; Management UI; SCOM MP; UAG Logic; Tracing & Logging; SSTP; Layer 3; SSL Tunnel]

* In UAG beta there is another tunnel for DNS servers

Page 17: SIA306 Microsoft Forefront Unified Access Gateway: DirectAccess and Beyond

Under the Hood: UAG Architecture

[Diagram. Labels: Client Machine; UAG; Domain Controllers, DNS, NPS, Management; Rest of the machines in corporate network; Direct Access; DirectAccess Server; DNS64; NAT64; ISATAP; IP-HTTPS; Teredo; 6to4; Native IPv6; DTE / DoSP; TMG; NLB; UAG Logic; UAG Management]

Page 18: SIA306 Microsoft Forefront Unified Access Gateway: DirectAccess and Beyond

DirectAccess Demo

Page 19: SIA306 Microsoft Forefront Unified Access Gateway: DirectAccess and Beyond

Want more?

Page 20: SIA306 Microsoft Forefront Unified Access Gateway: DirectAccess and Beyond

Call to Action

• Download and install: http://www.microsoft.com/uag

• Read more on our blog: http://blogs.technet.com/edgeaccessblog

• …and on TechNet: http://technet.microsoft.com/en-us/library/dd861463.aspx

• Visit our forum for feedback & questions: http://social.technet.microsoft.com/Forums/en-US/forefrontedgeiag/

Page 21: SIA306 Microsoft Forefront Unified Access Gateway: DirectAccess and Beyond

© 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.

The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation.

MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.