Post on 13-Nov-2014
Meir Mendelovich, Senior Program Manager, UAG Product Group
SIA306 Microsoft Forefront Unified Access Gateway (UAG): DirectAccess and Beyond
Business Ready Security
Help securely enable business by managing risk and empowering people
Highly Secure & Interoperable Platform
Identity
Protect everywhere, access anywhere
Integrate and extend security across the enterprise
Simplify the security experience, manage compliance
From: Block, Cost, Siloed
To: Enable, Value, Seamless
UAG Vision
Provide employees, partners and customers with seamless secure access to any application or resource, from any device on any network
"Increasingly, people envision a world of anywhere access - a world in which the information, the communities, and the content that they value is available instantly and easily, no matter where they are."
Bill Gates, Enabling Secure Anywhere Access in a Connected World, Feb 2007
UAG Solution Architecture (diagram)
Clients, connecting over the Internet: Employees' managed machines, Mobile, Home / Friend / Kiosk, Business Partners / Sub-Contractors
Access methods terminated on UAG: DirectAccess, HTTPS (443), Layer 3 VPN
Data Center / Corporate Network: AD, ADFS, RADIUS, LDAP…, NPS, ILM; Exchange, CRM, SharePoint, IIS based, IBM, SAP, Oracle, Terminal / Remote Desktop Services, Non web, HTTPS / HTTP
Demo: UAG Web Experience
IAG? ISA? UAG? TMG?
Today → Tomorrow
Protection: Integrated and comprehensive protection from Internet-based threats
Access: Unified platform for all enterprise remote access needs
Forefront Edge Security and Access products provide enhanced network edge protection and application-centric, policy-based access to corporate IT infrastructures
UAG at a Glance
• Web Application Publishing
• SSL VPN
• Layer 3 VPN: SSL Network Tunneling, SSTP
• Remote Desktop Services (TS)
• DirectAccess
• Enhanced Authentication & Identity
• Unified Management
• Enterprise Readiness
• Enhanced Protection – Edge Ready
• Interoperability
How UAG is saving you money
• Employees remain productive – ANYWHERE.
• Disaster ready – H1N1, SARS, Weather..
• All remote access technologies on one platform, one management and possibly on one box
• Out of the box non-managed support
• Machines are always managed
• Integrated load balancing
Schedule
RTM: Before end of 2009
Release Candidate 1 (RC1) will be out in a few weeks
Release Candidate 0 (RC0) is available for download
UAG & DirectAccess
DirectAccess: Extending network services and resources to remote users
• "Light up" remote clients
  • Decreases patch miss rates
  • Applies GPOs to remote machines
  • Pre-logon health checks and remediation
  • Replaces modal "connect-time" health checks
  • Full NAP integration
• Improved productivity
  • Not user initiated
  • Simplified connectivity
• Supports authenticated transactions
• Supports encrypted transactions
• Authentication and encryption mitigate many attacks
DirectAccess is more than Remote Access
Manage Out, Access Policies, Always On, Protected Transactions
VPNs connect the user to the network
DirectAccess extends the network to the user
(Diagram) Enterprise Network with Datacenter Servers and Intranet Users; DirectAccess Server at the edge; Compliant Client on the Internet reaching the enterprise over IPsec/IPv6 ("Deperimeterization").
Managed clients: Windows 7, Always On, IPv6
Unmanaged clients: Windows 7 / Windows Vista / Windows XP, Non-Windows, PDA; IPv6 or IPv4
UAG and DirectAccess better together
• Extends access to servers with IPv4 support
• Access for down level and non Windows clients
• Enhances scalability and management
• Simplifies deployment and administration
• Hardened Edge Solution
• IPv6 Transition Technologies: 6to4, Teredo, IP-HTTPS
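Each of the transition technologies named here (6to4, Teredo, ISATAP, and the NAT64/DNS64 path that the architecture slides show) embeds an IPv4 address inside the IPv6 address, so when reading DirectAccess connection logs a defender can tell which path a client actually took and from which public IPv4 endpoint. The following is an added Python example, not code from this deck or from UAG itself: it recognises each address format, extracts the embedded IPv4, and tallies the paths seen in constructed sample log lines. It assumes the RFC 6052 well-known NAT64 prefix 64:ff9b::/96 (a UAG deployment may use its own /96, which would be substituted there), and the log-line format is invented for the example. IP-HTTPS uses an organisation-specific prefix with no embedded IPv4, so it falls through to "native/other".

```python
"""Classify IPv6 addresses by DirectAccess transition technology.

Constructed example (not UAG code). Recognises the on-the-wire formats of
6to4 (RFC 3056), Teredo (RFC 4380), ISATAP (RFC 5214) and NAT64 with the
RFC 6052 well-known prefix. IP-HTTPS and native IPv6 carry no embedded
IPv4, so they are reported as "native/other".
"""
import ipaddress
import re
from collections import Counter
from typing import Dict, Iterable, Optional, Tuple

# Assumption: the deployment uses the RFC 6052 well-known NAT64 prefix.
# UAG lets an organisation choose its own /96; substitute it here if so.
NAT64_PREFIX = ipaddress.IPv6Network("64:ff9b::/96")


def _v4(n: int, shift: int) -> str:
    """Return the 32-bit field `shift` bits above the low end of the
    128-bit integer n as a dotted IPv4 string."""
    return str(ipaddress.IPv4Address((n >> shift) & 0xFFFFFFFF))


def classify(addr: str) -> Tuple[str, Optional[str]]:
    """Return (technology, embedded IPv4 detail) for one IPv6 address."""
    ip = ipaddress.IPv6Address(addr)
    n = int(ip)
    # 6to4: 2002:WWXX:YYZZ::/48, public IPv4 WW.XX.YY.ZZ in bits 111..80.
    if (n >> 112) == 0x2002:
        return "6to4", _v4(n, 80)
    # Teredo: 2001:0000::/32 | server IPv4 (bits 95..64) | flags (63..48)
    # | client's external UDP port XOR 0xFFFF (47..32)
    # | client's external IPv4 XOR 0xFFFFFFFF (31..0).
    if (n >> 96) == 0x20010000:
        server = _v4(n, 64)
        port = ((n >> 32) & 0xFFFF) ^ 0xFFFF
        client = str(ipaddress.IPv4Address((n & 0xFFFFFFFF) ^ 0xFFFFFFFF))
        return "Teredo", f"server={server} client={client}:{port}"
    # ISATAP: any /64 prefix, interface identifier 0000:5efe or 0200:5efe
    # (u/g bit set for globally unique) followed by the node's IPv4.
    if ((n >> 32) & 0xFFFFFFFF) in (0x00005EFE, 0x02005EFE):
        return "ISATAP", _v4(n, 0)
    # NAT64: IPv4 destination embedded in the low 32 bits of the /96 prefix.
    if ip in NAT64_PREFIX:
        return "NAT64", _v4(n, 0)
    return "native/other", None


# Field pattern for the constructed log format used below.
ADDR_FIELD = re.compile(r"(?:client|dst)=([0-9a-fA-F:]+)")


def summarize(lines: Iterable[str]) -> Dict[str, int]:
    """Count which transition technology every client/dst address used."""
    counts: Counter = Counter()
    for line in lines:
        for addr in ADDR_FIELD.findall(line):
            counts[classify(addr)[0]] += 1
    return dict(counts)


# Constructed sample log lines (not real UAG output); documentation addresses only.
SAMPLE_LOG = [
    "2009-11-13T10:00:01 tunnel=infra client=2002:c000:204::1 status=up",
    "2009-11-13T10:00:02 tunnel=infra client=2001:0:4136:e378:8000:63bf:3fff:fdd2 status=up",
    "2009-11-13T10:00:03 tunnel=corp client=fe80::5efe:c000:205 status=up",
    "2009-11-13T10:00:04 tunnel=corp client=2001:db8:1::10 dst=64:ff9b::c000:207 status=up",
    "2009-11-13T10:00:05 tunnel=corp client=2002:c000:206::1 status=down",
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        for addr in ADDR_FIELD.findall(line):
            tech, detail = classify(addr)
            print(f"{addr:45} {tech:13} {detail or ''}")
    print(summarize(SAMPLE_LOG))
```

The Teredo branch is the one worth keeping in mind operationally: the client's real public IPv4 and UDP port are stored XORed with all-ones, so a naive hex-to-dotted conversion of the last 32 bits gives a meaningless address; the code undoes the XOR before reporting it.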
Under the Hood: IPsec Tunnels
(Diagram) Client Machine ⇄ Internet ⇄ UAG
• Access Enabling Tunnel*: Domain Controllers, DNS, NPS, Management
• Corp Tunnel: Rest of the machines in corporate network, reached as IPv4 via NAT64, native IPv6, or ISATAP
• IP VPN; Admin / Core
* In UAG RC0 there is another tunnel for DNS servers
* In UAG beta there is another tunnel for DNS servers
Under the Hood: UAG Architecture
(Diagram) Client Machine ⇄ UAG ⇄ Domain Controllers, DNS, NPS, Management; Rest of the machines in corporate network
• Platform: Windows Server, TMG, Windows NLB, RRAS, IIS, TSG / RDG
• Web Application Publishing: UAG Filter, Session Manager, User Manager, Config. / Array Manager, Internal Site, Portal
• DirectAccess: DirectAccess Server, DNS64, NAT64, ISATAP, IP-HTTPS, Teredo, 6to4, Native IPv6, DTE / DoSP
• Layer 3: SSTP, Layer 3 SSL Tunnel
• UAG Logic, Management UI, SCOM MP, Tracing & Logging
DirectAccess Demo
Want more?
Call to Action
• Download and install: http://www.microsoft.com/uag
• Read more on our blog: http://blogs.technet.com/edgeaccessblog
• …and on TechNet: http://technet.microsoft.com/en-us/library/dd861463.aspx
• Visit our forum for feedback & questions: http://social.technet.microsoft.com/Forums/en-US/forefrontedgeiag/
© 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation.
MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.