Microsoft Forefront Unified Access Gateway (UAG), is a computer software solution that provides secure remote access to corporate networks for remote employees and business partners. It incorporates remote access technologies such as reverse proxy, virtual private network (VPN), DirectAccess and Remote Desktop Services. UAG was released in 2010, and is the successor for Microsoft Intelligent Application Gateway (IAG) which was released in 2007. UAG is part of the Microsoft Forefront offering.
Unified Access Gateway was originally developed by a startup company named Whale Communications in Rosh HaAyin, Israel. One of the challenges it tried to solve in the 1990s was to develop a remote access solution based on a VPN mechanism but without direct network access from the remote client to the corporate network. This type of solution was specifically required by the Israeli military and government, to meet national information security standards.
The technology developed was called the Air Gap and the communication between the external network and internal network was managed by two separate 1U rack-mount servers linked together by a memory bank accessed through a SCSI interface.
On 18 May 2006, Microsoft announced that it would be acquiring Whale Communications. Microsoft completed the acquisition on 26 July 2006. Following this acquisition, the product was renamed Microsoft Intelligent Application Gateway Server 2007. With this version, the SCSI-based Air Gap was dropped, and the product was unified as a single-server appliance. Instead of using the Air Gap as the security barrier, IAG used Microsoft's ISA Server firewall product. IAG was offered to the public as a pre-installed appliance by Celestix Networks, IVO Networks, PortSys and nAppliance. In 2009, with the release of Service Pack 2 for IAG, the product was also offered directly to the public from Microsoft in the form of a virtual appliance - a pre-installed VHD which could be run on Hyper-V or VMware Workstation.
In April 2008, Microsoft announced that the next generation of IAG will be named Forefront Unified Access Gateway. The product was released on 24 December 2009. Service Pack 1 for this product was released on 3 December 2010. Update 1 for Service Pack 1 was released on 17 October 2011 Service Pack 2 for this product was released on 6 August 2011. Service Pack 3 was released on 19 February 2013
Microsoft UAG provides secure socket layer (SSL) virtual private network (VPN), a Web application firewall, and endpoint security management (for compliance and security) that enable access control, authorization, and content inspection for a wide variety of line-of-business applications.
Included are customized granular access policy and security capabilities for Microsoft Exchange Server (2003, 2007 and 2010), Microsoft SharePoint Portal Server (2003, 2007 and 2010), Microsoft Terminal Services and Citrix Presentation Server. The product is highly customizable, and almost any application can be published With UAG.
Out of the box UAG Server is able to work with many authentication vendors such as RSA Security, Vasco, GrIDsure, Swivel, ActivCard and Aladdin. It also works with numerous authentication systems and protocols such as Active Directory, RADIUS, LDAP, NTLM, Lotus Domino, PKI and TACACS+. Possible customizations include single-sign-on (SSO), as well as look-and-feel dynamic customization. With the current release of UAG with Update 2, the product also offers support for many third-party systems such as Linux, Macintosh and iPhone. The product also supports Mozilla Firefox.
UAG performs particularly well in providing a portal for web applications, such as web-based email and intranets, but it also provides full SSL VPN network access using either ActiveX (when using Internet Explorer) or Java components (when using Firefox, Opera, non Windows client such as Red Hat or Mac OS). These components can also perform end-point compliance checks before allowing access, to test for attributes on the PC such as domain name, antivirus definitions date or running processes.
The inclusion of DirectAccess with UAG has been a big influence on its success, as DirectAccess provides a very seamless VPN-like integration and is in high-demand by many organizations. DirectAccess is part of Windows, but UAG provides a very user-friendly configuration interface for it, making it easier to configure for administrators. UAG also adds two additional components - DNS64 and NAT64, which make deploying DirectAccess in an existing network easier, without the need to deploy IPv6.
The product is sold in appliance form, from vendors such as IVO Networks, PortSys, Celestix Networks, and nAppliance. It is also offered as an installable DVD. The product can be installed on Windows Server 2008 R2.
|Version||Release Date||Version Number||KB Number|
|Gold (no updates)||25 January 2010||4.0.1101.0||N/A|
|Sec Update MS10-089||9 Nov 2010||4.0.1101.052||2433585|
|Update 1||12 April 2010||4.0.1152.100||981323|
|U1 Rollup 1||18 May 2010||4.0.1152.110||981932|
|U1+Sec Update MS10-089||9 Nov 2010||4.0.1152.150||2433584|
|Update 2||21 September 2010||4.0.1269.200||2288900|
|U2+Sec Update MS10-089||9 Nov 2010||4.0.1269.250||2418933|
|Service Pack 1 RC||21 October 2010||4.0.1575.10000||N/A|
|Service Pack 1||14 January 2011||4.0.1752.10000||2285712|
|Service Pack 1 Rollup 1||3 February 2011||4.0.1752.10020||2475733|
|Service Pack 1 Rollup 2 (a.k.a. Q1 2011 Rollup)||6 April 2011||4.0.1752.10025||N/A|
|Security Update MS11-079||12 October 2011||4.0.1752.10073||2522485|
|SP1 + Sec Update MS12-026||10 April 2012||4.0.1753.10076||2649261|
|Service Pack 1 Update 1||13 October 2011||4.0.1773.10100||2585140|
|Service Pack 1 Update 1 Rollup 1||11 January 2012||4.0.1773.10110||2647899|
|SP1 U1 + Sec Update MS12-026||10 April 2012||4.0.1773.10190||2649262|
|Service Pack 1 Update 1 Rollup 2||12 June 2012||4.0.1773.10220||N/A|
|Service Pack 2||6 August 2012||4.0.2095.10000||2710791|
|Service Pack 3||20 February 2013||4.0.3123.10000||2744025|
|Service Pack 3 Rollup 1||15 April 2013||4.0.3206.10100||2827350|
Here you can share your comments or contribute with more information, content, resources or links about this topic.