Microsoft Forefront Unified Access Gateway

Unified Access Gateway was originally developed by a startup company named Whale Communications in Rosh HaAyin, Israel. Whale's initial product, e-Gap, was designed to create physical separation between networks of disparate trust levels. It consisted of an appliance housing a 512k memory chip that toggled connections between two servers via a SCSI bus. The product was originally built to offer sneaker-net services and shortly thereafter features to enable HTTP connections were added. In the 90's and early 2000's, e-Gap was enhanced to provide comprehensive reverse proxy features that included in-depth filtering of inbound traffic to ensure the security of the web servers and applications it protected. As adoption grew, the product pivoted to focus more specifically on Remote Access use-cases and additional features and licensing options were added to provide employee and contractor remote access across a range of connectivity options. In 2002, the market evolved into offering more comprehensive SSL VPN features. Whale's uniqueness was in its ability to granularly filter and alter the flow of traffic to enable a path of least access and protect from both known and unknown attacks/vulnerabilities using an application specific positive logic filtering engine.

On 18 May 2006, Microsoft announced that it would be acquiring Whale Communications.{{cite news

|url = http://www.microsoft.com/presspass/press/2006/may06/05-18WhaleCommunicationsPR.mspx/

|title = Microsoft to Acquire Whale Communications, a Leading Provider of SSL VPN and Application Security Technologies

|newspaper = Microsoft News Center

|publisher = Microsoft Corporation

|date = 18 May 2006

|location = Redmond, WA

|access-date = 24 July 2010

}} Microsoft completed the acquisition on 26 July 2006.{{cite news

|url = http://www.microsoft.com/presspass/features/2006/jul06/07-26Whale.mspx

|title = Microsoft Completes Acquisition of Secure Remote Access Technology Leader Whale Communications

|newspaper = Microsoft News Center

|publisher = Microsoft Corporation

|date = 26 July 2006

|location = Redmond, WA

|access-date = 24 July 2010

}}{{cite web

|url=http://www.alacrastore.com/storecontent/Thomson_M%26A/Microsoft_Corp_acquires_Whale_Communications_Ltd-1761244020

|title=Microsoft Corp acquires Whale Communications Ltd

|date=26 July 2006

|publisher=Thomson Financial

|access-date=31 October 2008

|archive-date=3 August 2009

|archive-url=https://web.archive.org/web/20090803111640/http://www.alacrastore.com/storecontent/Thomson_M%26A/Microsoft_Corp_acquires_Whale_Communications_Ltd-1761244020

|url-status=dead

}} Following this acquisition, the product was renamed Microsoft Intelligent Application Gateway Server 2007. With this version, the SCSI-based Air Gap (e-Gap) was dropped, and the product was unified as a single-server appliance. Instead of using the Air Gap as the security barrier, IAG used Microsoft's ISA Server firewall product. IAG was offered to the public as a pre-installed appliance by Celestix Networks, IVO Networks, PortSys and nAppliance. In 2009, with the release of Service Pack 2 for IAG, the product was also offered directly to the public from Microsoft in the form of a virtual appliance (a first of its kind form-factor for Microsoft) - a pre-installed VHD which could be run on Hyper-V or VMware Workstation.

In April 2008, Microsoft announced that the next generation of IAG will be named Forefront Unified Access Gateway (UAG). The product was released on 24 December 2009.{{cite web

|url = http://www.microsoft.com/forefront/unified-access-gateway/en/us/product-documentation.aspx

|title = Forefront Unified Access Gateway (UAG) 2010 is released!

|website = microsoft.com

|date = 24 December 2009

|publisher = Microsoft

|archive-url = https://web.archive.org/web/20100123094257/https://www.microsoft.com/forefront/unified-access-gateway/en/us/product-documentation.aspx

|archive-date = 23 January 2010

}} UAG's core new functionality centered on its DirectAccess gateway. DirectAccess, launched with Windows 7, was Microsoft's visionary always on VPN which allowed both VPN access and continuous endpoint management and control. At its launch, UAG was the only solution to publishing DirectAccess making the product an integral part of the Windows 7 strategy. Ultimately, these capabilities (and others) were built natively into Windows Server.

Service Pack 1 for this product was released on 3 December 2010.{{cite web

|url = https://www.microsoft.com/en-us/download/details.aspx?id=13885

|title = Download details: Forefront Unified Access Gateway (UAG) Service Pack 1

|work = Download Center

|date = 3 December 2010

|access-date = 3 December 2010

|publisher = Microsoft

|quote = Version: 4.0.1752.10000 [~] Date Published: 12/3/2010

}}

Update 1 for Service Pack 1 was released on 17 October 2011{{cite web

|url = http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=27604

|title = Forefront Unified Access Gateway (UAG) Service Pack 1 (SP1) Update 1

|work = Download Center

|date = 17 October 2011

|access-date = 17 October 2011

|publisher = Microsoft

|quote = Version: 4.0.1773.10100[~] Date Published: 10/17/2011

}} Service Pack 2 for this product was released on 6 August 2011.{{cite web

|url = http://www.microsoft.com/en-us/download/details.aspx?id=30459

|title = Download details: Forefront Unified Access Gateway (UAG) Service Pack 2

|work = Download Center

|date = 6 August 2011

|access-date = 27 December 2012

|publisher = Microsoft

|quote = Version: 4.0.2095.10000 [~] Date Published: 8/6/2011

}}

Service Pack 3 was released on 19 February 2013.{{cite web

|url = http://www.microsoft.com/en-us/download/details.aspx?id=36788

|title = Forefront Unified Access Gateway (UAG) Service Pack 3 (SP3)

|work = Download Center

|date = 19 February 2013

|access-date = 30 March 2013

|publisher = Microsoft

|quote = Version: v4.0.3123.10000[~] Date Published: 2/19/2013

}}

Service Pack 4 was released on 27 November 2013.{{cite web

|url = http://www.microsoft.com/en-us/download/details.aspx?id=41181

|title = Forefront Unified Access Gateway (UAG) Service Pack 4 (SP4)

|work = Download Center

|date = 27 November 2013

|publisher = Microsoft

|quote = Version: v4.0.4083.10000[~] Date Published: 11/27/2013

}}

On 17 December Microsoft has announced that Microsoft will not deliver any future full version releases of Forefront UAG and the product will be removed from price lists on 1 July 2014{{Cite web |url=http://blogs.technet.com/b/server-cloud/archive/2013/12/17/important-changes-to-the-forefront-product-line.aspx |title=Important Changes to the Forefront Product Line - Microsoft Server and Cloud Platform Blog - Site Home - TechNet Blogs |access-date=19 December 2013 |archive-url=https://web.archive.org/web/20141221190307/http://blogs.technet.com/b/server-cloud/archive/2013/12/17/important-changes-to-the-forefront-product-line.aspx |archive-date=21 December 2014 |url-status=dead }}

Microsoft UAG provides secure socket layer (SSL) virtual private network (VPN), a Web application firewall, and endpoint security management (for compliance and security) that enable access control, authorization, and content inspection for a wide variety of line-of-business applications.

Included are customized granular access policy and security capabilities for Microsoft Exchange Server (2003, 2007 and 2010), Microsoft SharePoint Portal Server (2003, 2007 and 2010), Microsoft Terminal Services and Citrix Presentation Server. The product is highly customizable, and almost any application can be published With UAG.{{cite news

|url = http://www.computerworld.com/s/article/print/9167002/Microsoft_delivers_feature_rich_SSL_VPN?taxonomyName=Security&taxonomyId=17

|title = Microsoft delivers feature-rich SSL-VPN

|newspaper = Compouterworld

|publisher = International Data Group

|date = 8 March 2010

|location = Newtonville, Massachusetts

|access-date = 3 December 2010

}}

Out of the box UAG Server is able to work with many authentication vendors such as Mi-Token, RSA Security, OneSpan, GrIDsure, Swivel, ActivCard and Aladdin. It also works with numerous authentication systems and protocols such as Active Directory, RADIUS, LDAP, NTLM, Lotus Domino, PKI and TACACS+. Possible customizations include single-sign-on (SSO), as well as look-and-feel dynamic customization. With the current release of UAG with Update 2, the product also offers support for many third-party systems such as Linux, Macintosh and iPhone. The product also supports Mozilla Firefox.

UAG performs particularly well in providing a portal for web applications, such as web-based email and intranets, but it also provides full SSL VPN network access using either ActiveX (when using Internet Explorer) or Java components (when using Firefox, Opera, non Windows client such as Red Hat or Mac OS). These components can also perform end-point compliance checks before allowing access, to test for attributes on the PC such as domain name, antivirus definitions date or running processes.

The inclusion of DirectAccess with UAG has been a big influence on its success, as DirectAccess provides a very seamless VPN-like integration and is in high-demand by many organizations. DirectAccess is part of Windows, but UAG provides a very user-friendly configuration interface for it, making it easier to configure for administrators. UAG also adds two additional components - DNS64 and NAT64, which make deploying DirectAccess in an existing network easier, without the need to deploy IPv6.{{cite news

|url = http://www.eweek.com/c/a/Enterprise-Networking/Microsoft-Forefront-UAG-2010-Makes-DirectAccess-Feasible-347542/

|archive-url = https://archive.today/20130122192944/http://www.eweek.com/c/a/Enterprise-Networking/Microsoft-Forefront-UAG-2010-Makes-DirectAccess-Feasible-347542/

|url-status = dead

|archive-date = 22 January 2013

|title = Microsoft Forefront UAG 2010 Makes DirectAccess Feasible

|newspaper = eWeek

|publisher = Ziff Davies

|date = 10 February 2010

|location = New York, NY

|access-date = 3 December 2010

}}

The product is sold in appliance form, from various vendors. It is also offered as an installable DVD. The product can be installed on Windows Server 2008 R2.{{cite web

|url = http://www.microsoft.com/forefront/unified-access-gateway/en/us/hardware-partner.aspx

|title = Hardware Partners

|work = Forefront UAG

|publisher = Microsoft

|archive-date = 14 August 2011

|archive-url = https://web.archive.org/web/20110814072841/http://www.microsoft.com/forefront/unified-access-gateway/en/us/hardware-partner.aspx

}}

• Microsoft Forefront

{{Reflist}}

{{Refbegin}}

• {{Cite book

|title = Mastering Microsoft Forefront UAG 2010 Customization

|publisher = PACKT

|first1 = Erez

|last1 = Ben-Ari

|first2 = Rainier

|last2 = Amara

|date = February 2011

|isbn = 978-1-84-968538-2

}}

• {{Cite book

|title = Microsoft Forefront UAG 2010 Administrator's Handbook

|publisher = PACKT

|first1 = Erez

|last1 = Ben-Ari

|first2 = Ran

|last2 = Dolev

|date = August 2010

|isbn = 978-1-84-968162-9

}}

• {{Cite web

|url = http://blogs.msdn.com/harishpa/archive/2008/06/18/secure-remote-access-isa-server-2006-vs-iag-2007.aspx

|title = Secure Remote Access: ISA Server 2006 vs IAG 2007

|work = A Connected World through Software Architecture

|publisher = Microsoft

|first = Harish

|last = Pavithran

|date = 18 June 2008

|access-date = 24 July 2010

}}

{{Refend}}

{{Microsoft Security Products}}

{{VPN}}

{{Use dmy dates|date=December 2013}}

Forefront Unified Access Gateway

Category:Computer security software

Category:2007 software