Microsoft Forefront - The Unified Access Gateway 2010

[Induhasan]

The Unified Access Gateway 2010 is the second major component of the Forefront suite of security of networks. In essence, it is the Unified Access Gateway (UAG), an SSL VPN gateway. That allows the UAG controlled access from the Internet to the server and services company. Requests of this kind are often over VPN gateways secure RDP tunnel or through the threat management gateway from the Forefront product portfolio handled. But how, in this context, the Unified Access Gateway classified in 2010? Please provide some helpful information about it.

[Recko]

What makes the Unified Access Gateway 2010 st be sophisticated authorization and security system. The Gateway provides extensive permission control by providing applications and services for users, and allows a very granular gradation of rights. Analogous to the current developments and the expectations developed by Microsoft, the IT usage in much more open and dynamic systems. The traditional separation between LAN, WAN and Internet is dissolving, as the permanent assignment in internal staff and external users or site visitors. This is not necessarily new, and the development can be followed for years. But it has massive implications for the structure of today's IT and security systems such as the Forefront Unified Access Gateway 2010.

[VinFanatic]

The central feature of the Unified Access Gateway 2010 is to provide the applications and data for the user from the Internet. This holds together under the term Microsoft Application Publishing. Here trunks are used. A trunk is similar to a portal that provides access to the applications in the enterprise network level, including the approved applications that are set up for external users. The situation is equivalent to the data: they too are provided by the drink for external users. To meet the different requirements of network requests, offers the Unified Access Gateway 2010 Trunk different variants: the portal trunk implemented an access portal for different applications and users. He is the link to the information and data directly to her and directly. Through the portal trunk, you can access multiple applications at one IP address. In this 1-to-many mapping, the user receives a single link on the portal. Here, the so-called trunk of the Redirection secure handling of a compound used by deflection of a http connection through to a secure HTTPS communications. The so-called Basic Trunk again exactly is a Web application.

[Aienstaien]

The publication of the applications is true for web applications and traditional applications. In the current version of the Unified Access Gateway 2010 Microsoft supports the following application types and their publication:

• publication of Web applications: These are Web applications to access the Internet for publishing. This method is based on a reverse proxy for application publishing. The communication between the user and the application is monitored and checked for permission. This ensures that only connections are established that are configured right and correct. The scope of the Unified Access Gateway 2010 are here, including the investigation of the connections to Microsoft applications and other applications from third parties.
• publication of remote applications: Remote Desktop Services (formerly known as Terminal Services) provide access to the desktop of the target device. This form of interference can be in the Unified Access Gateway 2010 map by Remote Desktop Services Gateway.
• publication of client / server applications: the release of client / server applications in the context of the Unified Access Gateway 2010 is based on secure connections. The UAG is relying on the routing of the communication objects such as TCP sockets and ports. The functional scope of the Unified Access Gateway 2010 also includes the authentication of users against the directory systems. Here, a variety of directories is supported.
• VPN Client Access: The Unified Access Gateway 2010 continues to support traditional VPN connections. These can be posted in UAG-portal for the user in order to access the resources within the company. The provision of the VPN gateways is simplified by the Forefront Unified Access Gateway 2010 Network Connector. Alternatively, using the Secure Socket Tunneling Protocol (SSTP) is another secure protocol for VPN tunnels.
• File access from the Internet to the corporate network: In order to directories and files on the corporate network access, provides the Unified Access Gateway 2010, a further matching connector. This allows secure access from the outside on the file server of the company.

[Joko]

The list of access paths and applications, above summarized, includes all common variants to access a remote service, an application or directories. About the Unified Access Gateway 2010 this is the safeguard against abuse or spying. This is done by authentication and authorization of the user and his rights. For this purpose, the portal visitors connect via Internet with the trunk of the logical name of the Web address or an IP address. To authenticate the user information is the Unified Access Gateway then connects to various authentication systems, such as LDAP , RADIUS, Novell Directory, Notes Directory, NT directory and of course the Active Directory ago. In addition, a review of the device and its integrity through integration with NAP services. If the configuration and security status of the computer and the login information is known, finally, the situational portal is set up. Finally, the transfer of data is only encrypted channels or via a secure communication channel.