Microsoft Forefront Unified Access Gateway

Last updated
Unified Access Gateway
Original author(s) Whale Communications
Developer(s) Microsoft
Final release
2010 with SP4 / 27 November 2013;10 years ago (2013-11-27) [1]
Operating system Windows Server 2008 R2 [2]
Platform x86-64 [2]
Type Reverse proxy, virtual private network
License Proprietary commercial software
Websitemicrosoft.com/uag (Offline)
Minimum system requirements [2]
CPU 2.66 GHz; dual core; x86-64-compatible
Memory 4 GB
Hard disk drive space2.5 GB
Operating system Windows Server 2008 R2 Standard or Enterprise edition
Other requirementsThe computer on which Forefront UAG is being installed should be devoid of all other software except its operating system.

Microsoft Forefront Unified Access Gateway (UAG) is a discontinued software suite that provides secure remote access to corporate networks for remote employees and business partners. Its services include reverse proxy, virtual private network (VPN), DirectAccess and Remote Desktop Services. UAG was released in 2010, and is the successor for Microsoft Intelligent Application Gateway (IAG) which was released in 2007. UAG is part of the Microsoft Forefront offering. Microsoft discontinued the product in 2014, although the Web Application Proxy feature of Windows Server 2012 R2 and later offers some of its functionalities.

Contents

History

Unified Access Gateway was originally developed by a startup company named Whale Communications in Rosh HaAyin, Israel. Whale's initial product, e-Gap, was designed to create physical separation between networks of disparate trust levels. It consisted of an appliance housing a 512k memory chip that toggled connections between two servers via a SCSI bus. The product was originally built to offer sneaker-net services and shortly thereafter features to enable HTTP connections were added. In the 90's and early 2000's, e-Gap was enhanced to provide comprehensive reverse proxy features that included in-depth filtering of inbound traffic to ensure the security of the web servers and applications it protected. As adoption grew, the product pivoted to focus more specifically on Remote Access use-cases and additional features and licensing options were added to provide employee and contractor remote access across a range of connectivity options. In 2002, the market evolved into offering more comprehensive SSL VPN features. Whale's uniqueness was in its ability to granularly filter and alter the flow of traffic to enable a path of least access and protect from both known and unknown attacks/vulnerabilities using an application specific positive logic filtering engine.

On 18 May 2006, Microsoft announced that it would be acquiring Whale Communications. [3] Microsoft completed the acquisition on 26 July 2006. [4] [5] Following this acquisition, the product was renamed Microsoft Intelligent Application Gateway Server 2007. With this version, the SCSI-based Air Gap (e-Gap) was dropped, and the product was unified as a single-server appliance. Instead of using the Air Gap as the security barrier, IAG used Microsoft's ISA Server firewall product. IAG was offered to the public as a pre-installed appliance by Celestix Networks, IVO Networks, PortSys and nAppliance. In 2009, with the release of Service Pack 2 for IAG, the product was also offered directly to the public from Microsoft in the form of a virtual appliance (a first of its kind form-factor for Microsoft) - a pre-installed VHD which could be run on Hyper-V or VMware Workstation.

In April 2008, Microsoft announced that the next generation of IAG will be named Forefront Unified Access Gateway (UAG). The product was released on 24 December 2009. [6] UAG's core new functionality centered on its DirectAccess gateway. DirectAccess, launched with Windows 7, was Microsoft's visionary always on VPN which allowed both VPN access and continuous endpoint management and control. At its launch, UAG was the only solution to publishing DirectAccess making the product an integral part of the Windows 7 strategy. Ultimately, these capabilities (and others) were built natively into Windows Server.

Service Pack 1 for this product was released on 3 December 2010. [7] Update 1 for Service Pack 1 was released on 17 October 2011 [8] Service Pack 2 for this product was released on 6 August 2011. [9] Service Pack 3 was released on 19 February 2013. [10] Service Pack 4 was released on 27 November 2013. [1] On 17 December Microsoft have announced that Microsoft will not deliver any future full version releases of Forefront UAG and the product will be removed from price lists on 1 July 2014 [11]

Technical overview

Microsoft UAG provides secure socket layer (SSL) virtual private network (VPN), a Web application firewall, and endpoint security management (for compliance and security) that enable access control, authorization, and content inspection for a wide variety of line-of-business applications.

Included are customized granular access policy and security capabilities for Microsoft Exchange Server (2003, 2007 and 2010), Microsoft SharePoint Portal Server (2003, 2007 and 2010), Microsoft Terminal Services and Citrix Presentation Server. The product is highly customizable, and almost any application can be published With UAG. [12]

Out of the box UAG Server is able to work with many authentication vendors such as Mi-Token, RSA Security, OneSpan, GrIDsure, Swivel, ActivCard and Aladdin. It also works with numerous authentication systems and protocols such as Active Directory, RADIUS, LDAP, NTLM, Lotus Domino, PKI and TACACS+. Possible customizations include single-sign-on (SSO), as well as look-and-feel dynamic customization. With the current release of UAG with Update 2, the product also offers support for many third-party systems such as Linux, Macintosh and iPhone. The product also supports Mozilla Firefox.

UAG performs particularly well in providing a portal for web applications, such as web-based email and intranets, but it also provides full SSL VPN network access using either ActiveX (when using Internet Explorer) or Java components (when using Firefox, Opera, non Windows client such as Red Hat or Mac OS). These components can also perform end-point compliance checks before allowing access, to test for attributes on the PC such as domain name, antivirus definitions date or running processes.

The inclusion of DirectAccess with UAG has been a big influence on its success, as DirectAccess provides a very seamless VPN-like integration and is in high-demand by many organizations. DirectAccess is part of Windows, but UAG provides a very user-friendly configuration interface for it, making it easier to configure for administrators. UAG also adds two additional components - DNS64 and NAT64, which make deploying DirectAccess in an existing network easier, without the need to deploy IPv6. [13]

The product is sold in appliance form, from various vendors. It is also offered as an installable DVD. The product can be installed on Windows Server 2008 R2. [14]

Version History

VersionRelease dateVersion numberReference
General availability 25 January 20104.0.1101.0
Sec Update MS10-0899 Nov 20104.0.1101.052 [15]
Update 112 April 20104.0.1152.100 [16]
U1 Rollup 118 May 20104.0.1152.110 [17]
U1+Sec Update MS10-0899 Nov 20104.0.1152.150 [18]
Update 221 September 20104.0.1269.200 [19]
U2+Sec Update MS10-0899 Nov 20104.0.1269.250 [20]
Service Pack 1 RC21 October 20104.0.1575.10000 ?
Service Pack 114 January 20114.0.1752.10000 [21]
Service Pack 1 Rollup 13 February 20114.0.1752.10020 [22]
Service Pack 1 Rollup 2 (a.k.a. Q1 2011 Rollup)6 April 20114.0.1752.10025 ?
Security Update MS11-07912 October 20114.0.1752.10073 [23]
SP1 + Sec Update MS12-02610 April 20124.0.1753.10076 [24]
Service Pack 1 Update 113 October 20114.0.1773.10100 [25]
Service Pack 1 Update 1 Rollup 111 January 20124.0.1773.10110 [26]
SP1 U1 + Sec Update MS12-02610 April 20124.0.1773.10190 [27]
Service Pack 1 Update 1 Rollup 212 June 20124.0.1773.10220 ?
Service Pack 26 August 20124.0.2095.10000 [28]
Service Pack 320 February 20134.0.3123.10000 [29]
Service Pack 3 Rollup 115 April 20134.0.3206.10100 [30]
Service Pack 427 November 20134.0.4083.10000 [31]
Service Pack 4 Rollup 128 October 20144.0.4160.10100 [32]
Service Pack 4 Rollup 219 June 20154.0.4205.10200 [33]

See also

Related Research Articles

Virtual private network (VPN) is a network architecture for virtually extending a private network across one or multiple other networks which are either untrusted or need to be isolated.

<span class="mw-page-title-main">Windows Server 2003</span> Third version of Windows Server, released in 2003

Windows Server 2003, codenamed "Whistler Server", is the sixth version of the Windows Server operating system produced by Microsoft. It is part of the Windows NT family of operating systems and was released to manufacturing on March 28, 2003 and generally available on April 24, 2003. Windows Server 2003 is the successor to the Server editions of Windows 2000 and the predecessor to Windows Server 2008. An updated version, Windows Server 2003 R2, was released to manufacturing on December 6, 2005. Windows Server 2003 is based on Windows XP.

<span class="mw-page-title-main">Windows NT 4.0</span> Fourth major release of Windows NT, released in 1996

Windows NT 4.0 is a major release of the Windows NT operating system developed by Microsoft and oriented towards businesses. It is the direct successor to Windows NT 3.51, and was released to manufacturing on July 31, 1996, and then to retail in August 24, 1996, with the Server versions released to retail in September 1996.

OpenVPN is a virtual private network (VPN) system that implements techniques to create secure point-to-point or site-to-site connections in routed or bridged configurations and remote access facilities. It implements both client and server applications.

Datagram Transport Layer Security (DTLS) is a communications protocol providing security to datagram-based applications by allowing them to communicate in a way designed to prevent eavesdropping, tampering, or message forgery. The DTLS protocol is based on the stream-oriented Transport Layer Security (TLS) protocol and is intended to provide similar security guarantees. The DTLS protocol datagram preserves the semantics of the underlying transport—the application does not suffer from the delays associated with stream protocols, but because it uses UDP or SCTP, the application has to deal with packet reordering, loss of datagram and data larger than the size of a datagram network packet. Because DTLS uses UDP or SCTP rather than TCP, it avoids the "TCP meltdown problem", when being used to create a VPN tunnel.

Microsoft Servers is a discontinued brand that encompasses Microsoft software products for server computers. This includes the Windows Server editions of the Microsoft Windows operating system, as well as products targeted at the wider business market. Microsoft has since replaced this brand with Microsoft Azure, Microsoft 365 and Windows 365.

<span class="mw-page-title-main">Windows Server 2008</span> Fourth version of Windows Server, released in 2008

Windows Server 2008, codenamed "Longhorn Server", is the eighth release of the Windows Server operating system produced by Microsoft as part of the Windows NT family of the operating systems. It was released to manufacturing on February 4, 2008, and generally to retail on February 27, 2008. Derived from Windows Vista, Windows Server 2008 is the successor of Windows Server 2003 and the predecessor to Windows Server 2008 R2. It removed support for processors without ACPI, and is the first version that includes Hyper-V.

<span class="mw-page-title-main">Microsoft Forefront Threat Management Gateway</span>

Microsoft Forefront Threat Management Gateway, formerly known as Microsoft Internet Security and Acceleration Server, is a discontinued network router, firewall, antivirus program, VPN server and web cache from Microsoft Corporation. It ran on Windows Server and works by inspecting all network traffic that passes through it.

Vyatta is a software-based virtual router, virtual firewall and VPN product for Internet Protocol networks. A free download of Vyatta has been available since March 2006. The system is a specialized Debian-based Linux distribution with networking applications such as Quagga, OpenVPN, and many others. A standardized management console, similar to Juniper JUNOS or Cisco IOS, in addition to a web-based GUI and traditional Linux system commands, provides configuration of the system and applications. In recent versions of Vyatta, web-based management interface is supplied only in the subscription edition. However, all functionality is available through KVM, serial console or SSH/telnet protocols. The software runs on standard x86-64 servers.

Microsoft Forefront is a discontinued family of line-of-business security software by Microsoft Corporation. Microsoft Forefront products are designed to help protect computer networks, network servers and individual devices. As of 2015, the only actively developed Forefront product is Forefront Identity Manager.

<span class="mw-page-title-main">Windows Home Server</span> Home server operating system by Microsoft released in 2007

Windows Home Server is a home server operating system from Microsoft. It was announced on 7 January 2007 at the Consumer Electronics Show by Bill Gates, released to manufacturing on 16 July 2007 and officially released on 4 November 2007.

Split tunneling is a computer networking concept which allows a user to access dissimilar security domains like a public network and a local area network or wide area network at the same time, using the same or different network connections. This connection state is usually facilitated through the simultaneous use of a LAN network interface controller (NIC), radio NIC, Wireless LAN (WLAN) NIC, and VPN client software application without the benefit of an access control.

Remote Desktop Services (RDS), known as Terminal Services in Windows Server 2008 and earlier, is one of the components of Microsoft Windows that allow a user to initiate and control an interactive session on a remote computer or virtual machine over a network connection. RDS was first released in 1998 as Terminal Server in Windows NT 4.0 Terminal Server Edition, a stand-alone edition of Windows NT 4.0 Server that allowed users to log in remotely. Starting with Windows 2000, it was integrated under the name of Terminal Services as an optional component in the server editions of the Windows NT family of operating systems, receiving updates and improvements with each version of Windows. Terminal Services were then renamed to Remote Desktop Services with Windows Server 2008 R2 in 2009.

DirectAccess, also known as Unified Remote Access, is a VPN technology that provides intranet connectivity to client computers when they are connected to the Internet. Unlike many traditional VPN connections, which must be initiated and terminated by explicit user action, DirectAccess connections are designed to connect automatically as soon as the computer connects to the Internet. DirectAccess was introduced in Windows Server 2008 R2, providing this service to Windows 7 and Windows 8 "Enterprise" edition clients. In 2010, Microsoft Forefront Unified Access Gateway (UAG) was released, which simplifies the deployment of DirectAccess for Windows 2008 R2, and includes additional components that make it easier to integrate without the need to deploy IPv6 on the network, and with a dedicated user interface for the configuration and monitoring. Some requirements and limitations that were part of the design of DirectAccess with Windows Server 2008 R2 and UAG have been changed. While DirectAccess is based on Microsoft technology, third-party solutions exist for accessing internal UNIX and Linux servers through DirectAccess. With Windows Server 2012, DirectAccess is fully integrated into the operating system, providing a user interface to configure and native IPv6 and IPv4 support.

<span class="mw-page-title-main">GraphOn</span> Application publishing software

GraphOn GO-Global is a multi-user remote access application for Windows. GO-Global is a product of GraphOn Corporation.

Check Point GO is a USB drive that combines an encrypted USB flash drive with virtualization, VPN and computer security technologies to turn a PC into a secure corporate desktop. By plugging Check Point GO into the USB port of a Microsoft Windows OS-based PC or laptop, users can launch a secure virtual workspace that is segregated from the host PC. This allows users to securely access company files and applications from any remote location, including insecure host environments such as a hotel business center or Internet café.

<span class="mw-page-title-main">Cyberoam</span> Computer security company

Cyberoam Technologies, a Sophos subsidiary, is a global network security appliances provider, with presence in more than 125 countries.

<span class="mw-page-title-main">Dell Software</span> Former software division of Dell, Inc.

Dell Software was a former division of Dell with headquarters in Round Rock, Texas, United States. Dell Software was created by merging various acquisitions by Dell Inc., the third-largest maker of PCs and now a privately held company, to build out its software offerings for data center and cloud management, information management, mobile workforce management, security and data protection for organizations of all sizes.

Array Networks is an American networking hardware company. It sells network traffic encryption tools.

NetScaler is a line of networking products owned by Cloud Software Group. The products consist of NetScaler, an application delivery controller (ADC), NetScaler AppFirewall, an application firewall, NetScaler Unified Gateway, NetScaler Application Delivery Management (ADM), and NetScaler SD-WAN, which provides software-defined wide-area networking management. NetScaler was initially developed in 1997 by Michel K Susai and acquired by Citrix Systems in 2005. Citrix consolidated all of its networking products under the NetScaler brand in 2016. On September 30, 2022, when Citrix was taken private as part of the merger with TIBCO Software, NetScaler was formed as a business unit under the Cloud Software Group.

References

  1. 1 2 "Forefront Unified Access Gateway (UAG) Service Pack 4 (SP4)". Download Center. Microsoft. 27 November 2013. Version: v4.0.4083.10000[~] Date Published: 11/27/2013
  2. 1 2 3 "System Requirements For Forefront UAG Servers". Microsoft Forefront website. Microsoft corporation. Retrieved 24 July 2010.
  3. "Microsoft to Acquire Whale Communications, a Leading Provider of SSL VPN and Application Security Technologies". Microsoft News Center. Redmond, WA: Microsoft Corporation. 18 May 2006. Retrieved 24 July 2010.
  4. "Microsoft Completes Acquisition of Secure Remote Access Technology Leader Whale Communications". Microsoft News Center. Redmond, WA: Microsoft Corporation. 26 July 2006. Retrieved 24 July 2010.
  5. "Microsoft Corp acquires Whale Communications Ltd". Thomson Financial. 26 July 2006. Archived from the original on 3 August 2009. Retrieved 31 October 2008.
  6. "Forefront Unified Access Gateway (UAG) 2010 is released!". microsoft.com. Microsoft. 24 December 2009. Archived from the original on 23 January 2010.
  7. "Download details: Forefront Unified Access Gateway (UAG) Service Pack 1". Download Center. Microsoft. 3 December 2010. Retrieved 3 December 2010. Version: 4.0.1752.10000 [~] Date Published: 12/3/2010
  8. "Forefront Unified Access Gateway (UAG) Service Pack 1 (SP1) Update 1". Download Center. Microsoft. 17 October 2011. Retrieved 17 October 2011. Version: 4.0.1773.10100[~] Date Published: 10/17/2011
  9. "Download details: Forefront Unified Access Gateway (UAG) Service Pack 2". Download Center. Microsoft. 6 August 2011. Retrieved 27 December 2012. Version: 4.0.2095.10000 [~] Date Published: 8/6/2011
  10. "Forefront Unified Access Gateway (UAG) Service Pack 3 (SP3)". Download Center. Microsoft. 19 February 2013. Retrieved 30 March 2013. Version: v4.0.3123.10000[~] Date Published: 2/19/2013
  11. "Important Changes to the Forefront Product Line - Microsoft Server and Cloud Platform Blog - Site Home - TechNet Blogs". Archived from the original on 21 December 2014. Retrieved 19 December 2013.
  12. "Microsoft delivers feature-rich SSL-VPN". Compouterworld. Newtonville, Massachusetts: International Data Group. 8 March 2010. Retrieved 3 December 2010.
  13. "Microsoft Forefront UAG 2010 Makes DirectAccess Feasible". eWeek. New York, NY: Ziff Davies. 10 February 2010. Archived from the original on 22 January 2013. Retrieved 3 December 2010.
  14. "Hardware Partners". Forefront UAG. Microsoft. Archived from the original on 14 August 2011.
  15. "MS10-089: Description of the security update for Forefront Unified Access Gateway 2010: 9 November 2010". Support. Microsoft.
  16. "Description of Update 1 for Unified Access Gateway 2010". Support. Microsoft.
  17. "Description of the Rollup 1 hotfix package for Unified Access Gateway 2010 Update 1". Support. Microsoft.
  18. "MS10-089: Description of the security update for Forefront Unified Access Gateway 2010 Update 1: 9 November 2010". Support. Microsoft.
  19. "Description of Update 2 for Unified Access Gateway 2010". Support. Microsoft.
  20. "MS10-089: Description of the security update for Forefront Unified Access Gateway 2010 Update 2: 9 November 2010". Support. Microsoft.
  21. "Description of Forefront Unified Access Gateway 2010 Service Pack 1 (SP1)". Support. Microsoft.
  22. "Description of the Service Pack 1 Rollup 1 hotfix package for Unified Access Gateway 2010". Support. Microsoft.
  23. "MS11-079: Description of the security update for Unified Access Gateway 2010 Service Pack 1: 11 October 2011". Support. Microsoft.
  24. "MS12-026: Description of the security update for Microsoft Forefront Unified Access Gateway 2010 Service Pack 1: 10 April 2012". Support. Microsoft.
  25. "Description of the Service Pack 1 Update 1 for Forefront Unified Access Gateway (UAG)". Support. Microsoft.
  26. "Rollup 1 for Forefront Unified Access Gateway (UAG) 2010 Service Pack 1 Update 1". Support. Microsoft.
  27. "MS12-026: Description of the security update for Microsoft Forefront Unified Access Gateway 2010 Service Pack 1 Update 1: 10 April 2012". Support. Microsoft.
  28. "Description of Service Pack 2 for Forefront Unified Access Gateway 2010". Support. Microsoft.
  29. "Description of Forefront Unified Access Gateway 2010 Service Pack 3". Support. Microsoft.
  30. "Description of Rollup 1 for Forefront Unified Access Gateway 2010 Service Pack 3". Support. Microsoft.
  31. "Description of Forefront Unified Access Gateway 2010 Service Pack 4". Support. Microsoft.
  32. "Rollup 1 for Forefront Unified Access Gateway 2010 Service Pack 4". Support. Microsoft.
  33. "Rollup 2 for Forefront Unified Access Gateway 2010 Service Pack 4". Support. Microsoft.

Further reading