Microsoft Forefront Unified Access Gateway

Last updated
Unified Access Gateway
Original author(s) Whale Communications
Developer(s) Microsoft
Final release
2010 with SP4 / 27 November 2013;8 years ago (2013-11-27) [1]
Operating system Windows Server 2008 R2 [2]
Platform x86-64 [2]
Type Reverse proxy, virtual private network
License Proprietary commercial software
Websitemicrosoft.com/uag (Offline)
Minimum system requirements [2]
CPU 2.66 GHz; dual core; x86-64-compatible
Memory 4 GB
Hard disk drive space2.5 GB
Operating system Windows Server 2008 R2 Standard or Enterprise edition
Other requirementsThe computer on which Forefront UAG is being installed should be devoid of all other software except its operating system.

Microsoft Forefront Unified Access Gateway (UAG) is a discontinued software suite that provides secure remote access to corporate networks for remote employees and business partners. Its services include reverse proxy, virtual private network (VPN), DirectAccess and Remote Desktop Services. UAG was released in 2010, and is the successor for Microsoft Intelligent Application Gateway (IAG) which was released in 2007. UAG is part of the Microsoft Forefront offering. Microsoft discontinued the product in 2014, although the Web Application Proxy feature of Windows Server 2012 R2 and later offers some of its functionalities.

Contents

History

Unified Access Gateway was originally developed by a startup company named Whale Communications in Rosh HaAyin, Israel. Whale's initial product, e-Gap, was designed to create physical separation between networks of disparate trust levels. It consisted of an appliance housing a 512k memory chip that toggled connections between two servers via a SCSI bus. The product was originally built to offer sneaker-net services and shortly thereafter features to enable HTTP connections were added. In the 90's and early 2000's, e-Gap was enhanced to provide comprehensive reverse proxy features that included in-depth filtering of inbound traffic to ensure the security of the web servers and applications it protected. As adoption grew, the product pivoted to focus more specifically on Remote Access use-cases and additional features and licensing options were added to provide employee and contractor remote access across a range of connectivity options. In 2002, the market evolved into offering more comprehensive SSL VPN features. Whale's uniqueness was in its ability to granularly filter and alter the flow of traffic to enable a path of least access and protect from both known and unknown attacks/vulnerabilities using an application specific positive logic filtering engine.

On 18 May 2006, Microsoft announced that it would be acquiring Whale Communications. [3] Microsoft completed the acquisition on 26 July 2006. [4] [5] Following this acquisition, the product was renamed Microsoft Intelligent Application Gateway Server 2007. With this version, the SCSI-based Air Gap (e-Gap) was dropped, and the product was unified as a single-server appliance. Instead of using the Air Gap as the security barrier, IAG used Microsoft's ISA Server firewall product. IAG was offered to the public as a pre-installed appliance by Celestix Networks, IVO Networks, PortSys and nAppliance. In 2009, with the release of Service Pack 2 for IAG, the product was also offered directly to the public from Microsoft in the form of a virtual appliance (a first of its kind form-factor for Microsoft) - a pre-installed VHD which could be run on Hyper-V or VMware Workstation.

In April 2008, Microsoft announced that the next generation of IAG will be named Forefront Unified Access Gateway (UAG). The product was released on 24 December 2009. [6] UAG's core new functionality centered on its DirectAccess gateway. DirectAccess, launched with Windows 7, was Microsoft's visionary always on VPN which allowed both VPN access and continuous endpoint management and control. At its launch, UAG was the only solution to publishing DirectAccess making the product an integral part of the Windows 7 strategy. Ultimately, these capabilities (and others) were built natively into Windows Server.

Service Pack 1 for this product was released on 3 December 2010. [7] Update 1 for Service Pack 1 was released on 17 October 2011 [8] Service Pack 2 for this product was released on 6 August 2011. [9] Service Pack 3 was released on 19 February 2013. [10] Service Pack 4 was released on 27 November 2013. [1] On 17 December Microsoft have announced that Microsoft will not deliver any future full version releases of Forefront UAG and the product will be removed from price lists on 1 July 2014 [11]

Technical overview

Microsoft UAG provides secure socket layer (SSL) virtual private network (VPN), a Web application firewall, and endpoint security management (for compliance and security) that enable access control, authorization, and content inspection for a wide variety of line-of-business applications.

Included are customized granular access policy and security capabilities for Microsoft Exchange Server (2003, 2007 and 2010), Microsoft SharePoint Portal Server (2003, 2007 and 2010), Microsoft Terminal Services and Citrix Presentation Server. The product is highly customizable, and almost any application can be published With UAG. [12]

Out of the box UAG Server is able to work with many authentication vendors such as Mi-Token, RSA Security, OneSpan, GrIDsure, Swivel, ActivCard and Aladdin. It also works with numerous authentication systems and protocols such as Active Directory, RADIUS, LDAP, NTLM, Lotus Domino, PKI and TACACS+. Possible customizations include single-sign-on (SSO), as well as look-and-feel dynamic customization. With the current release of UAG with Update 2, the product also offers support for many third-party systems such as Linux, Macintosh and iPhone. The product also supports Mozilla Firefox.

UAG performs particularly well in providing a portal for web applications, such as web-based email and intranets, but it also provides full SSL VPN network access using either ActiveX (when using Internet Explorer) or Java components (when using Firefox, Opera, non Windows client such as Red Hat or Mac OS). These components can also perform end-point compliance checks before allowing access, to test for attributes on the PC such as domain name, antivirus definitions date or running processes.

The inclusion of DirectAccess with UAG has been a big influence on its success, as DirectAccess provides a very seamless VPN-like integration and is in high-demand by many organizations. DirectAccess is part of Windows, but UAG provides a very user-friendly configuration interface for it, making it easier to configure for administrators. UAG also adds two additional components - DNS64 and NAT64, which make deploying DirectAccess in an existing network easier, without the need to deploy IPv6. [13]

The product is sold in appliance form, from various vendors. It is also offered as an installable DVD. The product can be installed on Windows Server 2008 R2. [14]

Version History

VersionRelease dateVersion numberReference
General availability 25 January 20104.0.1101.0
Sec Update MS10-0899 Nov 20104.0.1101.052 [15]
Update 112 April 20104.0.1152.100 [16]
U1 Rollup 118 May 20104.0.1152.110 [17]
U1+Sec Update MS10-0899 Nov 20104.0.1152.150 [18]
Update 221 September 20104.0.1269.200 [19]
U2+Sec Update MS10-0899 Nov 20104.0.1269.250 [20]
Service Pack 1 RC21 October 20104.0.1575.10000?
Service Pack 114 January 20114.0.1752.10000 [21]
Service Pack 1 Rollup 13 February 20114.0.1752.10020 [22]
Service Pack 1 Rollup 2 (a.k.a. Q1 2011 Rollup)6 April 20114.0.1752.10025?
Security Update MS11-07912 October 20114.0.1752.10073 [23]
SP1 + Sec Update MS12-02610 April 20124.0.1753.10076 [24]
Service Pack 1 Update 113 October 20114.0.1773.10100 [25]
Service Pack 1 Update 1 Rollup 111 January 20124.0.1773.10110 [26]
SP1 U1 + Sec Update MS12-02610 April 20124.0.1773.10190 [27]
Service Pack 1 Update 1 Rollup 212 June 20124.0.1773.10220?
Service Pack 26 August 20124.0.2095.10000 [28]
Service Pack 320 February 20134.0.3123.10000 [29]
Service Pack 3 Rollup 115 April 20134.0.3206.10100 [30]
Service Pack 427 November 20134.0.4083.10000 [31]
Service Pack 4 Rollup 128 October 20144.0.4160.10100 [32]
Service Pack 4 Rollup 219 June 20154.0.4205.10200 [33]

See also

Related Research Articles

Windows 2000 Personal computer operating system by Microsoft released in 2000

Windows 2000 is a major release of the Windows NT operating system developed by Microsoft and oriented towards businesses. It was the direct successor to Windows NT 4.0, and was released to manufacturing on December 15, 1999, and was officially released to retail on February 17, 2000. It was Microsoft's business operating system until the introduction of Windows XP Professional in 2001.

A virtual private network (VPN) extends a private network across a public network and enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network. The benefits of a VPN include increases in functionality, security, and management of the private network. It provides access to resources that are inaccessible on the public network and is typically used for remote workers. Encryption is common, although not an inherent part of a VPN connection.

Windows Server 2003 Server operating system by Microsoft released in 2003

Windows Server 2003 is the second version of Windows Server operating system produced by Microsoft. It is part of the Windows NT family of operating systems and was released on April 24, 2003. Windows Server 2003 is the successor to the Server editions of Windows 2000 and the predecessor to Windows Server 2008. An updated version, Windows Server 2003 R2, was released to manufacturing on December 6, 2005. Windows Server 2003 is based on the consumer operating system, Windows XP.

Windows NT 4.0 Pre-emptive, graphical operating system by Microsoft

Windows NT 4.0 is a major release of the Windows NT operating system developed by Microsoft and oriented towards businesses. The direct successor to Windows NT 3.51, it was released to manufacturing on July 31, 1996, and was launched to retail on August 24, 1996. Windows NT 4.0 was and remains a primary business-oriented operating system, and three years after its introduction, it was followed by Windows 2000. Workstation, server and embedded editions were sold, and all editions feature a graphical user interface similar to that of Windows 95, which was superseded by Windows 98 and could still be directly upgraded by either Windows 2000 Professional or Windows Me.

OpenVPN is a virtual private network (VPN) system that implements techniques to create secure point-to-point or site-to-site connections in routed or bridged configurations and remote access facilities. It implements both client and server applications.

Microsoft Servers is a discontinued brand that encompasses Microsoft software products for server computers. This includes the Windows Server editions of the Microsoft Windows operating system, as well as products targeted at the wider business market. Microsoft has since replaced this brand with Microsoft Azure, Microsoft 365 and Windows 365.

Windows Server 2008 Server operating system by Microsoft released in 2008

Windows Server 2008 is the fourth release of the Windows Server operating system produced by Microsoft as part of the Windows NT family of the operating systems. It was released to manufacturing on February 4, 2008, and generally to retail on February 27, 2008. Derived from Windows Vista, Windows Server 2008 is the successor of Windows Server 2003 and the predecessor to Windows Server 2008 R2.

Microsoft Forefront Threat Management Gateway

Microsoft Forefront Threat Management Gateway, formerly known as Microsoft Internet Security and Acceleration Server, is a discontinued network router, firewall, antivirus program, VPN server and web cache from Microsoft Corporation. It ran on Windows Server and works by inspecting all network traffic that passes through it.

Barracuda Networks, Inc. is a company providing security, networking and storage products based on network appliances and cloud services. The company's security products include products for protection against email, web surfing, web hackers and instant messaging threats such as spam, spyware, trojans, and viruses. The company's networking and storage products include web filtering, load balancing, application delivery controllers, message archiving, NG firewalls, backup services and data protection.

Microsoft Baseline Security Analyzer Computer security evaluation tool

Microsoft Baseline Security Analyzer (MBSA) is a discontinued software tool which is no longer available from Microsoft that determines security state by assessing missing security updates and less-secure security settings within Microsoft Windows, Windows components such as Internet Explorer, IIS web server, and products Microsoft SQL Server, and Microsoft Office macro settings. Security updates are determined by the current version of MBSA using the Windows Update Agent present on Windows computers since Windows 2000 Service Pack 3. The less-secure settings, often called Vulnerability Assessment (VA) checks, are assessed based on a hard-coded set of registry and file checks. An example of a VA might be that permissions for one of the directories in the /www/root folder of IIS could be set at too low a level, allowing unwanted modification of files from outsiders.

Background Intelligent Transfer Service (BITS) is a component of Microsoft Windows XP and later iterations of the operating systems, which facilitates asynchronous, prioritized, and throttled transfer of files between machines using idle network bandwidth. It is most commonly used by recent versions of Windows Update, Microsoft Update, Windows Server Update Services, and System Center Configuration Manager to deliver software updates to clients, Microsoft's anti-virus scanner Microsoft Security Essentials to fetch signature updates, and is also used by Microsoft's instant messaging products to transfer files. BITS is exposed through the Component Object Model (COM).

Vyatta is a software-based virtual router, virtual firewall and VPN products for Internet Protocol networks. A free download of Vyatta has been available since March 2006. The system is a specialized Debian-based Linux distribution with networking applications such as Quagga, OpenVPN, and many others. A standardized management console, similar to Juniper JUNOS or Cisco IOS, in addition to a web-based GUI and traditional Linux system commands, provides configuration of the system and applications. In recent versions of Vyatta, web-based management interface is supplied only in the subscription edition. However, all functionality is available through KVM, serial console or SSH/telnet protocols. The software runs on standard x86-64 servers.

Microsoft Forefront is a discontinued family of line-of-business security software by Microsoft Corporation. Microsoft Forefront products are designed to help protect computer networks, network servers and individual devices. As of 2015, the only actively developed Forefront product is Forefront Identity Manager.

Split tunneling is a computer networking concept which allows a user to access dissimilar security domains like a public network and a local area network or wide area network at the same time, using the same or different network connections. This connection state is usually facilitated through the simultaneous use of a LAN network interface controller (NIC), radio NIC, Wireless LAN (WLAN) NIC, and VPN client software application without the benefit of an access control.

DirectAccess, also known as Unified Remote Access, is a VPN-like technology that provides intranet connectivity to client computers when they are connected to the Internet. Unlike many traditional VPN connections, which must be initiated and terminated by explicit user action, DirectAccess connections are designed to connect automatically as soon as the computer connects to the Internet. DirectAccess was introduced in Windows Server 2008 R2, providing this service to Windows 7 and Windows 8 "Enterprise" edition clients. In 2010, Microsoft Forefront Unified Access Gateway (UAG) was released, which simplifies the deployment of DirectAccess for Windows 2008 R2, and includes additional components that make it easier to integrate without the need to deploy IPv6 on the network, and with a dedicated user interface for the configuration and monitoring. Some requirements and limitations that were part of the design of DirectAccess with Windows Server 2008 R2 and UAG have been changed. While DirectAccess is based on Microsoft technology, third-party solutions exist for accessing internal UNIX and Linux servers through DirectAccess. With Windows Server 2012, DirectAccess is fully integrated into the operating system, providing a user interface to configure and native IPv6 and IPv4 support.

GO-Global Application publishing software

GraphOn GO-Global is a multi-user remote access application publishing solution for Microsoft Windows.

Systancia

Systancia is a French software company that develops software for desktop and application virtualisation, cloud computing and remote access security solutions. It was founded in 1998 and is located in Sausheim, France.

Check Point GO is a USB drive that combines an encrypted USB flash drive with virtualization, VPN and computer security technologies to turn a PC into a secure corporate desktop. By plugging Check Point GO into the USB port of a Microsoft Windows OS-based PC or laptop, users can launch a secure virtual workspace that is segregated from the host PC. This allows users to securely access company files and applications from any remote location, including insecure host environments such as a hotel business center or Internet café.

Cyberoam Computer security company

Cyberoam Technologies, a Sophos subsidiary, is a global network security appliances provider, with presence in more than 125 countries.

Dell Software Former software division of Dell, Inc.

Dell Software was a division of Dell with headquarters in Round Rock, Texas, United States. Dell Software was created merging various acquisitions by Dell Inc., the third-largest maker of PCs and now a privately held company, to build out its software offerings for data center and cloud management, information management, mobile workforce management, security and data protection for organizations of all sizes.

References

  1. 1 2 "Forefront Unified Access Gateway (UAG) Service Pack 4 (SP4)". Download Center. Microsoft. 27 November 2013. Version: v4.0.4083.10000[~] Date Published: 11/27/2013
  2. 1 2 3 "System Requirements For Forefront UAG Servers". Microsoft Forefront website. Microsoft corporation. Retrieved 24 July 2010.
  3. "Microsoft to Acquire Whale Communications, a Leading Provider of SSL VPN and Application Security Technologies". Microsoft News Center. Redmond, WA: Microsoft Corporation. 18 May 2006. Retrieved 24 July 2010.
  4. "Microsoft Completes Acquisition of Secure Remote Access Technology Leader Whale Communications". Microsoft News Center. Redmond, WA: Microsoft Corporation. 26 July 2006. Retrieved 24 July 2010.
  5. "Microsoft Corp acquires Whale Communications Ltd". Thomson Financial. 26 July 2006. Retrieved 31 October 2008.
  6. "Forefront Unified Access Gateway (UAG) 2010 is released!". microsoft.com. Microsoft. 24 December 2009. Archived from the original on 23 January 2010.
  7. "Download details: Forefront Unified Access Gateway (UAG) Service Pack 1". Download Center. Microsoft. 3 December 2010. Retrieved 3 December 2010. Version: 4.0.1752.10000 [~] Date Published: 12/3/2010
  8. "Forefront Unified Access Gateway (UAG) Service Pack 1 (SP1) Update 1". Download Center. Microsoft. 17 October 2011. Retrieved 17 October 2011. Version: 4.0.1773.10100[~] Date Published: 10/17/2011
  9. "Download details: Forefront Unified Access Gateway (UAG) Service Pack 2". Download Center. Microsoft. 6 August 2011. Retrieved 27 December 2012. Version: 4.0.2095.10000 [~] Date Published: 8/6/2011
  10. "Forefront Unified Access Gateway (UAG) Service Pack 3 (SP3)". Download Center. Microsoft. 19 February 2013. Retrieved 30 March 2013. Version: v4.0.3123.10000[~] Date Published: 2/19/2013
  11. "Archived copy". Archived from the original on 21 December 2014. Retrieved 19 December 2013.{{cite web}}: CS1 maint: archived copy as title (link)
  12. "Microsoft delivers feature-rich SSL-VPN". Compouterworld. Newtonville, Massachusetts: International Data Group. 8 March 2010. Retrieved 3 December 2010.
  13. "Microsoft Forefront UAG 2010 Makes DirectAccess Feasible". eWeek. New York, NY: Ziff Davies. 10 February 2010. Retrieved 3 December 2010.
  14. "Hardware Partners". Forefront UAG. Microsoft. Archived from the original on 14 August 2011.
  15. "MS10-089: Description of the security update for Forefront Unified Access Gateway 2010: 9 November 2010". Support. Microsoft.
  16. "Description of Update 1 for Unified Access Gateway 2010". Support. Microsoft.
  17. "Description of the Rollup 1 hotfix package for Unified Access Gateway 2010 Update 1". Support. Microsoft.
  18. "MS10-089: Description of the security update for Forefront Unified Access Gateway 2010 Update 1: 9 November 2010". Support. Microsoft.
  19. "Description of Update 2 for Unified Access Gateway 2010". Support. Microsoft.
  20. "MS10-089: Description of the security update for Forefront Unified Access Gateway 2010 Update 2: 9 November 2010". Support. Microsoft.
  21. "Description of Forefront Unified Access Gateway 2010 Service Pack 1 (SP1)". Support. Microsoft.
  22. "Description of the Service Pack 1 Rollup 1 hotfix package for Unified Access Gateway 2010". Support. Microsoft.
  23. "MS11-079: Description of the security update for Unified Access Gateway 2010 Service Pack 1: 11 October 2011". Support. Microsoft.
  24. "MS12-026: Description of the security update for Microsoft Forefront Unified Access Gateway 2010 Service Pack 1: 10 April 2012". Support. Microsoft.
  25. "Description of the Service Pack 1 Update 1 for Forefront Unified Access Gateway (UAG)". Support. Microsoft.
  26. "Rollup 1 for Forefront Unified Access Gateway (UAG) 2010 Service Pack 1 Update 1". Support. Microsoft.
  27. "MS12-026: Description of the security update for Microsoft Forefront Unified Access Gateway 2010 Service Pack 1 Update 1: 10 April 2012". Support. Microsoft.
  28. "Description of Service Pack 2 for Forefront Unified Access Gateway 2010". Support. Microsoft.
  29. "Description of Forefront Unified Access Gateway 2010 Service Pack 3". Support. Microsoft.
  30. "Description of Rollup 1 for Forefront Unified Access Gateway 2010 Service Pack 3". Support. Microsoft.
  31. "Description of Forefront Unified Access Gateway 2010 Service Pack 4". Support. Microsoft.
  32. "Rollup 1 for Forefront Unified Access Gateway 2010 Service Pack 4". Support. Microsoft.
  33. "Rollup 2 for Forefront Unified Access Gateway 2010 Service Pack 4". Support. Microsoft.

Further reading

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.