Original author(s) | Whale Communications |
---|---|
Developer(s) | Microsoft |
Final release | 2010 with SP4 / 27 November 2013 [1] |
Operating system | Windows Server 2008 R2 [2] |
Platform | x86-64 [2] |
Type | Reverse proxy, virtual private network |
License | Proprietary commercial software |
Website | microsoft.com/uag (Offline) |
Minimum system requirements [2] | |
---|---|
CPU | 2.66 GHz; dual core; x86-64-compatible |
Memory | 4 GB |
Hard disk drive space | 2.5 GB |
Operating system | Windows Server 2008 R2 Standard or Enterprise edition |
Other requirements | The computer on which Forefront UAG is being installed should be devoid of all other software except its operating system. |
Microsoft Forefront Unified Access Gateway (UAG) is a discontinued software suite that provides secure remote access to corporate networks for remote employees and business partners. Its services include reverse proxy, virtual private network (VPN), DirectAccess and Remote Desktop Services. UAG was released in 2010 and is the successor to Microsoft Intelligent Application Gateway (IAG), which was released in 2007. UAG is part of the Microsoft Forefront offering. Microsoft discontinued the product in 2014, although the Web Application Proxy feature of Windows Server 2012 R2 and later offers some of its functionality.
Unified Access Gateway was originally developed by a startup company named Whale Communications in Rosh HaAyin, Israel. Whale's initial product, e-Gap, was designed to create physical separation between networks of disparate trust levels. It consisted of an appliance housing a 512k memory chip that toggled connections between two servers via a SCSI bus. The product was originally built to offer sneakernet services, and features to enable HTTP connections were added shortly thereafter. In the 1990s and early 2000s, e-Gap was enhanced to provide comprehensive reverse proxy features that included in-depth filtering of inbound traffic to ensure the security of the web servers and applications it protected. As adoption grew, the product pivoted to focus more specifically on remote access use cases, and additional features and licensing options were added to provide employee and contractor remote access across a range of connectivity options. In 2002, the market evolved into offering more comprehensive SSL VPN features. Whale's distinguishing feature was its ability to granularly filter and alter the flow of traffic, enabling a path of least access and protecting against both known and unknown attacks and vulnerabilities, using an application-specific positive-logic filtering engine.
On 18 May 2006, Microsoft announced that it would be acquiring Whale Communications. [3] Microsoft completed the acquisition on 26 July 2006. [4] [5] Following this acquisition, the product was renamed Microsoft Intelligent Application Gateway Server 2007. With this version, the SCSI-based Air Gap (e-Gap) was dropped, and the product was unified as a single-server appliance. Instead of using the Air Gap as the security barrier, IAG used Microsoft's ISA Server firewall product. IAG was offered to the public as a pre-installed appliance by Celestix Networks, IVO Networks, PortSys and nAppliance. In 2009, with the release of Service Pack 2 for IAG, the product was also offered directly to the public by Microsoft as a virtual appliance (a first-of-its-kind form factor for Microsoft): a pre-installed VHD that could be run on Hyper-V or VMware Workstation.
In April 2008, Microsoft announced that the next generation of IAG would be named Forefront Unified Access Gateway (UAG). The product was released on 24 December 2009. [6] UAG's core new functionality centered on its DirectAccess gateway. DirectAccess, launched with Windows 7, was Microsoft's visionary always-on VPN, which allowed both VPN access and continuous endpoint management and control. At its launch, UAG was the only solution for publishing DirectAccess, making the product an integral part of the Windows 7 strategy. Ultimately, these capabilities (and others) were built natively into Windows Server.
Service Pack 1 for this product was released on 3 December 2010. [7] Update 1 for Service Pack 1 was released on 17 October 2011. [8] Service Pack 2 for this product was released on 6 August 2011. [9] Service Pack 3 was released on 19 February 2013. [10] Service Pack 4 was released on 27 November 2013. [1] On 17 December, Microsoft announced that it would not deliver any future full version releases of Forefront UAG and that the product would be removed from price lists on 1 July 2014. [11]
Microsoft UAG provides a Secure Sockets Layer (SSL) virtual private network (VPN), a Web application firewall, and endpoint security management (for compliance and security) that enable access control, authorization, and content inspection for a wide variety of line-of-business applications.
Included are customized granular access policy and security capabilities for Microsoft Exchange Server (2003, 2007 and 2010), Microsoft SharePoint Portal Server (2003, 2007 and 2010), Microsoft Terminal Services and Citrix Presentation Server. The product is highly customizable, and almost any application can be published with UAG. [12]
Out of the box, UAG Server is able to work with many authentication vendors such as Mi-Token, RSA Security, OneSpan, GrIDsure, Swivel, ActivCard and Aladdin. It also works with numerous authentication systems and protocols such as Active Directory, RADIUS, LDAP, NTLM, Lotus Domino, PKI and TACACS+. Possible customizations include single sign-on (SSO), as well as dynamic look-and-feel customization. With the current release of UAG with Update 2, the product also offers support for many third-party systems such as Linux, Macintosh and iPhone. The product also supports Mozilla Firefox.
UAG performs particularly well in providing a portal for web applications, such as web-based email and intranets, but it also provides full SSL VPN network access using either ActiveX (when using Internet Explorer) or Java components (when using Firefox, Opera, or a non-Windows client such as Red Hat or Mac OS). These components can also perform endpoint compliance checks before allowing access, testing for attributes on the PC such as domain name, antivirus definitions date or running processes.
The inclusion of DirectAccess with UAG has been a big influence on its success, as DirectAccess provides a very seamless VPN-like integration and is in high demand by many organizations. DirectAccess is part of Windows, but UAG provides a very user-friendly configuration interface for it, making it easier for administrators to configure. UAG also adds two additional components, DNS64 and NAT64, which make deploying DirectAccess in an existing network easier, without the need to deploy IPv6. [13]
The product is sold in appliance form, from various vendors. It is also offered as an installable DVD. The product can be installed on Windows Server 2008 R2. [14]
Version | Release date | Version number | Reference |
---|---|---|---|
General availability | 25 January 2010 | 4.0.1101.0 | — |
Sec Update MS10-089 | 9 Nov 2010 | 4.0.1101.052 | [15] |
Update 1 | 12 April 2010 | 4.0.1152.100 | [16] |
U1 Rollup 1 | 18 May 2010 | 4.0.1152.110 | [17] |
U1+Sec Update MS10-089 | 9 Nov 2010 | 4.0.1152.150 | [18] |
Update 2 | 21 September 2010 | 4.0.1269.200 | [19] |
U2+Sec Update MS10-089 | 9 Nov 2010 | 4.0.1269.250 | [20] |
Service Pack 1 RC | 21 October 2010 | 4.0.1575.10000 | ? |
Service Pack 1 | 14 January 2011 | 4.0.1752.10000 | [21] |
Service Pack 1 Rollup 1 | 3 February 2011 | 4.0.1752.10020 | [22] |
Service Pack 1 Rollup 2 (a.k.a. Q1 2011 Rollup) | 6 April 2011 | 4.0.1752.10025 | ? |
Security Update MS11-079 | 12 October 2011 | 4.0.1752.10073 | [23] |
SP1 + Sec Update MS12-026 | 10 April 2012 | 4.0.1753.10076 | [24] |
Service Pack 1 Update 1 | 13 October 2011 | 4.0.1773.10100 | [25] |
Service Pack 1 Update 1 Rollup 1 | 11 January 2012 | 4.0.1773.10110 | [26] |
SP1 U1 + Sec Update MS12-026 | 10 April 2012 | 4.0.1773.10190 | [27] |
Service Pack 1 Update 1 Rollup 2 | 12 June 2012 | 4.0.1773.10220 | ? |
Service Pack 2 | 6 August 2012 | 4.0.2095.10000 | [28] |
Service Pack 3 | 20 February 2013 | 4.0.3123.10000 | [29] |
Service Pack 3 Rollup 1 | 15 April 2013 | 4.0.3206.10100 | [30] |
Service Pack 4 | 27 November 2013 | 4.0.4083.10000 | [31] |
Service Pack 4 Rollup 1 | 28 October 2014 | 4.0.4160.10100 | [32] |
Service Pack 4 Rollup 2 | 19 June 2015 | 4.0.4205.10200 | [33] |