Direct Access and UAG video - Deep dive with a Program Manager

Posted By: David Tesar | Oct 1st @ 9:39 AM | 16,811 Views | 2 Comments
Ben Bernstein and Stephen Bowie tell us what the value is for Unified Access Gateway (UAG) with Direct Access (DA).
After this, we do a whiteboard of UAG + DA architecture, including explaining how it works with multiple UAG servers. Here's how the rest of the interview breaks down:
  • How UAG supports legacy IPv4 clients (Marker 3 @ 8:02)
  • How does the client know to connect to the proper DNS server and not the one from the local ISP? (Marker 4 @ 13:17)
  • How do we know it's securely talking to the proper DNS server? (Marker 5 @ 15:01)
  • What other components on UAG enable DA? (Marker 6 @ 16:10)
  • Additional value add for UAG with DA (Marker 7 @ 17:55)

 Visit the UAG homepage
Tags: directaccess, forefront, UAG, Windows Server 2008 R2
Rating:
1
0
#Oct 1st @ 9:43 PM
Mancer
Mancer
Helix Nebula

Good high-level overview of UAG technology.  However, the TMG component is only briefly discussed at the end.

 

I would like to see some additional Edge videos to clarify some of the differences between UAG and TMG, using them together in conjunction, plus their intergration with Forefront Sterling and SCOM.  How much configurability or limitations will admins have with just one solution or the other?  UAG seems geared to protect inbound connections with emphasis on DA, and TMG is geared to protect outbound connections with emphasis on proxying/publishing/inspection.  If a company want to use DA to connect to the UAG, admins will need to define internal Sharepoint sites and Exchange role services in TMG.  Can all of this be done with the same AMS/ADLDS instances and managed as one?

 

Details about how to deploy these side-by-side in the DMZ would be enlightening, in order to utilize the full capabilities of these very cool products to secure local and remote user connections in both directions.

#Oct 5th @ 10:01 AM
extreme
extreme

Thanks for the feedback and recommendations!  To answer one of your questions - UAG will not connect with the Forefront Protection Manager (FPM) console upon release.  TMG will have limited integration with FPM (details to come later).  The best way to think about UAG is an extension to the base functionality TMG provides for additional remote connectivity and security options.  This is the same concept to the current version of the products IAG as is to ISA server. When you are using an array, you will be able to manage the configuration for all servers in one place.

 

I have a TMG "deep-dive" video planned, so I will most certainly touch deeper on some of your requests in this piece of content.

Microsoft Communities